Security News

Cybersecurity news aggregator

🔓
CRITICAL Vulnerabilities HKCERT

Zimbra Collaboration Suite Information Disclosure Vulnerability

cve-2025-48700software-vulnerabilityweb-securitykev-boostedmitre-ta0001
A remote attacker can exploit CVE-2025-48700 (CVSS 6.1) in Zimbra Collaboration Suite to trigger cross-site scripting and sensitive information disclosure. This vulnerability affects Zimbra versions 10.0.0 through 10.0.11, 10.1.0 through 10.1.3, and version 8.8.15. Patches are available in versions 10.0.12 and 10.1.4.
Read Full Article →

A vulnerability has been identified in Zimbra Collaboration Suite. A remote attacker could exploit this vulnerability to trigger cross-site scripting and sensitive information disclosure the targeted system. Note: CVE-2025-48700 is being exploited in the wild. This vulnerability could allow... Impact Cross-Site Scripting Information Disclosure System / Technologies affected Prior to Version 9.0.0 Patch 43 Prior to Version 10.0.12 Prior to Version 10.1.4 Prior to Version 8.8.15 Patch 47 Solutions Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor: Version 9.0.0 Patch 43 Version 10.0.12 Version 10.1.4 Version 8.8.15 Patch 47

Related Articles

CRITICAL CISA Adds Eight Known Exploited Vulnerabilities to Catalog CISA Alerts CRITICAL CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines The Hacker News CRITICAL Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities SecurityWeek CRITICAL Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks BleepingComputer
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn