Zimbra Collaboration Suite actively exploited XSS flaw (CVE-2025-48700)
Vulnerability
Summary
CVE-2025-48700 is an actively exploited XSS flaw in Zimbra Collaboration Suite (ZCS) that can let unauthenticated attackers run JavaScript inside a user's session and access sensitive information. The issue affects ZCS 8.8.15, 9.0, 10.0, and 10.1, making the vulnerable surface broad across deployed Zimbra versions. More than 10,000 exposed instances are reported vulnerable online, which increases the chance of mass abuse. CISA has placed the flaw in the KEV Catalog, confirming real-world exploitation and urgent remediation needs.
Related Happenings
APT28 Operation GhostMail Zimbra phishing campaign targeting Ukrainian government entities
Campaign
First: 19.03.2026 16:55
Last: 19.03.2026 16:55
Sources 1
About this happening:
**APT28**’s **Operation GhostMail** is actively targeting **Ukrainian government entities** through a phishing chain that exploits **CVE-2025-66376** in **Zimbra Collaboration Sui...
CISA patch guidance for Zimbra and SharePoint flaws
Advisory/Mitigation
First: 19.03.2026 08:05
Last: 19.03.2026 08:05
Sources 1
About this happening:
**CISA** told **FCEB agencies** to patch **two actively exploited vulnerabilities** in **Synacor Zimbra Collaboration Suite (ZCS)** and **Microsoft Office SharePoint**, creating i...
Zimbra Collaboration Suite (ZCS) stored XSS flaw (CVE-2025-66376)
Vulnerability
First: 18.03.2026 21:57
Last: 18.03.2026 21:57
Sources 1
About this happening:
**CVE-2025-66376** affects **Zimbra Collaboration Suite (ZCS)**, where a stored **XSS flaw** in the **Classic UI** is **actively exploited** and can put exposed mail servers and u...
Sangoma FreePBX web shell exploitation wave (CVE-2025-64328)
Exploitation Wave
First: 27.02.2026 19:59
Last: 27.02.2026 19:59
Sources 1
About this happening:
More than **900 Sangoma FreePBX** instances remain **web-shell infected** after an **ongoing exploitation wave** tied to **CVE-2025-64328**. The affected systems span the **U.S.**...
CISA adds two Roundcube flaws to KEV catalog
Public Sector Action
First: 21.02.2026 09:21
Last: 21.02.2026 09:21
Sources 1
About this happening:
**CISA** added **two Roundcube webmail flaws** to the **KEV catalog** after citing **active exploitation**, increasing urgency for federal remediation. **CVE-2025-49113** is a **C...
Timeline
24.04.2026 16:35 2 articles · 1mo ago
Zimbra Collaboration Suite actively exploited XSS flaw (CVE-2025-48700)
Initial Disclosure
The **CVE-2025-48700** XSS issue surfaced as a patched weakness in **Zimbra Collaboration Suite** that could run attacker JavaScript inside a user's session. It then became a live exploitation concern as exposed servers remained online and defenders confirmed abuse in the wild.
- Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks — www.bleepingcomputer.com — 24.04.2026 16:35