CVE advisoryKnown Exploit
CVE-2025-48700
Zimbra Collaboration Cross-Site Scripting Vulnerability
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
A cross-site scripting vulnerability in Zimbra Collaboration allows attackers to execute JavaScript, potentially leading to unauthorized access to sensitive information. This impacts organizations using the Zimbra Classic UI by exposing user sessions when a crafted email is viewed, posing a risk of data compromise.