Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Oct 28, 2025

CVE-2025-27915

High
EPSS 24.9%CISA KEV
Synacor/Zimbra Collaboration Suite (ZCS)

Description

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration.

EPSS — Exploit Probability

24.9%

Higher than 96.1% of all CVEs

Required Action

https://wiki.zimbra.com/wiki/Security_Center ; https://nvd.nist.gov/vuln/detail/CVE-2025-27915

Related Articles (1)

Malware & Threats

CISA orders feds to patch Zimbra XSS flaw exploited in attacks

CISA has ordered U.S. government agencies to secure their servers against an actively exploited vulnerability in the Zimbra Collaboration Suite (ZCS).

Mar 18, 2026

Risk Assessment

ELEVATED
In CISA KEV

Details

Severity
High
EPSS
24.9%
CISA KEV
Yes
Ransomware
Unknown
Articles
1

Timeline

Published

Oct 7, 2025

Added to KEV

Oct 7, 2025

Remediation Due

Oct 28, 2025

Affected Product

Synacor

Zimbra Collaboration Suite (ZCS)

View all Synacor CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE