Summary
CISA has added CVE-2025-48700, an actively exploited XSS vulnerability in Zimbra Collaboration Suite's Classic UI, to its Known Exploited Vulnerabilities Catalog. Over 10,500 unpatched instances are still exposed online despite patches being available since June 2025.
Take Action:
If you run Zimbra Collaboration Suite, immediately upgrade to a patched version (ZCS 8.8.15 Patch 47, 9.0.0 Patch 43, 10.0.12, or 10.1.4 or later) since this flaw is being actively exploited. Then audit your mail servers for signs of compromise. Check for suspicious mail forwarding rules, recent TGZ exports, and unexpected MFA or application password changes.
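One way to run the "recent TGZ exports" check, as an added example that is not from the original article: Zimbra's REST mailbox export is requested with the `fmt=tgz` query parameter, so successful requests carrying it in the web access log are the ones to review. The log lines, addresses, account names and the NCSA combined layout below are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines; the NCSA combined layout is an assumption, so
# adjust LINE_RE to your server's real access-log format.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Jun/2025:03:14:07 +0000] "GET /home/alice@example.com/?fmt=tgz HTTP/1.1" 200 48211934 "-" "curl/8.5.0"
203.0.113.20 - - [12/Jun/2025:09:01:44 +0000] "GET /home/bob@example.com/inbox?fmt=json HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Jun/2025:03:15:52 +0000] "GET /service/home/carol%40example.com/?FMT=TGZ&meta=0 HTTP/1.1" 200 9133120 "-" "curl/8.5.0"
203.0.113.20 - - [12/Jun/2025:09:05:10 +0000] "GET /home/bob@example.com/?fmt=tgz HTTP/1.1" 401 0 "-" "Mozilla/5.0"
not an access log line
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def find_tgz_exports(log_text):
    """Return successful requests whose query string asks for fmt=tgz."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse instead of failing
        url = urlsplit(m["target"])
        # Lower-case keys and values so case variants are not missed.
        query = {k.lower(): [v.lower() for v in vs]
                 for k, vs in parse_qs(url.query).items()}
        if "tgz" not in query.get("fmt", []):
            continue
        if not m["status"].startswith("2"):
            continue  # denied or failed attempts returned no archive
        hits.append({"ip": m["ip"], "time": m["ts"], "path": unquote(url.path),
                     "bytes": 0 if m["size"] == "-" else int(m["size"])})
    return hits

def exports_by_ip(hits):
    """Group exported mailbox paths by client address for triage."""
    grouped = defaultdict(list)
    for h in hits:
        grouped[h["ip"]].append(h["path"])
    return dict(grouped)

if __name__ == "__main__":
    for ip, paths in exports_by_ip(find_tgz_exports(SAMPLE_LOG)).items():
        print(ip, len(paths), paths)
```

A single client address exporting several different mailboxes, as in the constructed sample, is the pattern to escalate first.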
This article was originally published on BeyondMachines