cvelistv5 - CVE-2025-27915

CVE-2025-27915 (GCVE-0-2025-27915)

Vulnerability from cvelistv5 – Published: 2025-03-12 00:00 – Updated: 2025-10-21 22:55

CISA

Summary

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a <details> tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration.

Severity ?

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE

Assigner

mitre

References

URL

Tags

	https://wiki.zimbra.com/wiki/Security_Center
	https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1…
	https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0…
	https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.…

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2025-10-07

Due date: 2025-10-28

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Used in ransomware: Unknown

Notes: https://wiki.zimbra.com/wiki/Security_Center ; https://nvd.nist.gov/vuln/detail/CVE-2025-27915

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-27915",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-07T03:55:56.855156Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-10-07",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-27915"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:23.602Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "url": "https://strikeready.com/blog/0day-ics-attack-in-the-wild/"
          },
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-27915"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-10-07T00:00:00+00:00",
            "value": "CVE-2025-27915 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a \u003cdetails\u003e tag. This allows an attacker to run arbitrary JavaScript within the victim\u0027s session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim\u0027s account, including e-mail redirection and data exfiltration."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T14:31:38.012Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://wiki.zimbra.com/wiki/Security_Center"
        },
        {
          "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.5#Security_Fixes"
        },
        {
          "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.13#Security_Fixes"
        },
        {
          "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P44#Security_Fixes"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-27915",
    "datePublished": "2025-03-12T00:00:00.000Z",
    "dateReserved": "2025-03-10T00:00:00.000Z",
    "dateUpdated": "2025-10-21T22:55:23.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2025-27915",
      "cwes": "[\"CWE-79\"]",
      "dateAdded": "2025-10-07",
      "dueDate": "2025-10-28",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://wiki.zimbra.com/wiki/Security_Center ; https://nvd.nist.gov/vuln/detail/CVE-2025-27915",
      "product": "Zimbra Collaboration Suite (ZCS)",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a tag. This allows an attacker to run arbitrary JavaScript within the victim\u0027s session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim\u0027s account, including e-mail redirection and data exfiltration.",
      "vendorProject": "Synacor",
      "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-27915\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-03-12T15:15:39.900\",\"lastModified\":\"2025-11-04T16:45:11.053\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a \u003cdetails\u003e tag. This allows an attacker to run arbitrary JavaScript within the victim\u0027s session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim\u0027s account, including e-mail redirection and data exfiltration.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema en Zimbra Collaboration (ZCS) 9.0, 10.0 y 10.1. Existe una vulnerabilidad de cross site scripting (XSS) almacenado en el cliente web cl\u00e1sico debido a una depuraci\u00f3n insuficiente del contenido HTML en los archivos ICS. Cuando un usuario visualiza un mensaje de correo electr\u00f3nico que contiene una entrada ICS maliciosa, su JavaScript incrustado se ejecuta mediante un evento ontoggle dentro de una etiqueta . Esto permite a un atacante ejecutar JavaScript arbitrario en la sesi\u00f3n de la v\u00edctima, lo que podr\u00eda provocar acciones no autorizadas, como configurar filtros de correo electr\u00f3nico para redirigir los mensajes a una direcci\u00f3n controlada por el atacante. Como resultado, un atacante puede realizar acciones no autorizadas en la cuenta de la v\u00edctima, como la redirecci\u00f3n de correo electr\u00f3nico y la exfiltraci\u00f3n de datos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"cisaExploitAdd\":\"2025-10-07\",\"cisaActionDue\":\"2025-10-28\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability\",\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.13\",\"matchCriteriaId\":\"7F7A8D86-7352-45D1-A809-D19FCC4A4ED0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.0\",\"versionEndExcluding\":\"10.1.5\",\"matchCriteriaId\":\"CD5597BA-6D2C-4E3A-AA67-0F29DA04CA76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"32AFCE22-5ADA-4FF7-A165-5EC12B325DEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3577FE6-F1F4-4555-8D27-84D6DE731EA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"931BD98E-1A5F-4634-945B-BDD7D2FAA8B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E7C0A57-A887-4D29-B601-4275313F46B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7248B91-D136-4DD5-A631-737E4C220A02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"494F6FD4-36ED-4E40-8336-7F077FA80FA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p14:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DF8C0CE-A71D-4BB1-83FB-1EA5ED77E0C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p15:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0648498-2EE5-4B68-8360-ED5914285356\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p16:*:*:*:*:*:*\",\"matchCriteriaId\":\"24282FF8-548B-415B-95CA-1EFD404D21D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p17:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACFDF2D9-ED72-4969-AA3B-E8D48CB1922D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p18:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B7D0A8B-7A72-4C1A-85F2-BE336CA47E0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p19:*:*:*:*:*:*\",\"matchCriteriaId\":\"019AFC34-289E-4A01-B08B-A5807F7F909A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E7B3976-DA6F-4285-93E6-2328006F7F4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p20:*:*:*:*:*:*\",\"matchCriteriaId\":\"062E586F-0E02-45A6-93AD-895048FC2D4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p21:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EE37BEE-4BDB-4E62-8DE3-98CF74DFBE01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p22:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADF51BCA-37DD-4642-B201-74A6D1A545FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p23:*:*:*:*:*:*\",\"matchCriteriaId\":\"39611F3D-A898-4C35-8915-3334CDFB78E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p24:*:*:*:*:*:*\",\"matchCriteriaId\":\"40AB56B7-7222-4C44-A271-45DFE3673F72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p24.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AE8F501-4528-4F15-AE50-D4F11FB462DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p25:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB9E054B-7790-4E74-A771-40BF6EC71610\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p26:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD924E57-C77B-430B-A615-537BB39CEA9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p27:*:*:*:*:*:*\",\"matchCriteriaId\":\"F43F4AC0-7C82-4CF4-B0C7-3A4C567BC985\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p28:*:*:*:*:*:*\",\"matchCriteriaId\":\"7991F602-41D7-4377-B888-D66A467EAD67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p29:*:*:*:*:*:*\",\"matchCriteriaId\":\"2193FCA2-1AE3-497D-B0ED-5B89727410E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA310AFA-492D-4A6C-A7F6-740E82CB6E57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p30:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF95618B-0BFB-403C-83BE-C97879FC866D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p31:*:*:*:*:*:*\",\"matchCriteriaId\":\"A82346A9-9CC2-4B91-BA2F-A815AAA92A7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p32:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E800348-E139-418D-910B-7B3A9E1E721C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p33:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7DE1A7E-573B-42F3-B0A4-D2E676954FE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p34:*:*:*:*:*:*\",\"matchCriteriaId\":\"E60BC1D0-8552-4E6B-B2C5-96038448C238\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p35:*:*:*:*:*:*\",\"matchCriteriaId\":\"3924251E-13B0-420E-8080-D3312C3D54AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p36:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEBE75F9-A494-4C78-927A-EA564BDCCE0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p37:*:*:*:*:*:*\",\"matchCriteriaId\":\"900BECBA-7FDB-4E35-9603-29706FB87BD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p38:*:*:*:*:*:*\",\"matchCriteriaId\":\"5024FD58-A3ED-43B1-83EF-F4570C2573BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p39:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CC9D046-4EB4-4608-8AB7-B60AC330A770\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AF337B5-B296-449B-8848-7636EC7C46C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p40:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4535EC5-74D5-41E8-95F1-5C033ADB043E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p41:*:*:*:*:*:*\",\"matchCriteriaId\":\"408E1BFD-16AA-458C-B040-04870522FEBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p42:*:*:*:*:*:*\",\"matchCriteriaId\":\"205B2CDC-6423-4FD9-9FD0-847ADEB64003\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p43:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAE21C69-F080-4CE2-A39E-BF3509FB2005\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"52232ACA-C158-48C8-A0DB-7689040CB8FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B4D0040-86D0-46C3-8A9A-3DD12138B9ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2BB9BC7-078D-4E08-88E4-9432D74CA9BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"F04D4B77-D386-4BC8-8169-9846693F6F11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"992370FA-F171-4FB3-9C1C-58AC37038CE4\"}]}]}],\"references\":[{\"url\":\"https://wiki.zimbra.com/wiki/Security_Center\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.13#Security_Fixes\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.5#Security_Fixes\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P44#Security_Fixes\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://strikeready.com/blog/0day-ics-attack-in-the-wild/\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-27915\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-27915\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-07T03:55:56.855156Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2025-10-07\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-27915\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-10-07T00:00:00+00:00\", \"value\": \"CVE-2025-27915 added to CISA KEV\"}], \"references\": [{\"url\": \"https://strikeready.com/blog/0day-ics-attack-in-the-wild/\"}, {\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-27915\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-12T15:46:57.370Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://wiki.zimbra.com/wiki/Security_Center\"}, {\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.5#Security_Fixes\"}, {\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.13#Security_Fixes\"}, {\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P44#Security_Fixes\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a \u003cdetails\u003e tag. This allows an attacker to run arbitrary JavaScript within the victim\u0027s session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim\u0027s account, including e-mail redirection and data exfiltration.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-03-12T14:31:38.012Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-27915\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T22:55:23.602Z\", \"dateReserved\": \"2025-03-10T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-03-12T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-5RG8-G76J-7FW7

Vulnerability from github – Published: 2025-03-12 15:32 – Updated: 2025-10-22 00:33

Details

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration.

Severity ?

5.4 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-27915"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-12T15:15:39Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a \u003cdetails\u003e tag. This allows an attacker to run arbitrary JavaScript within the victim\u0027s session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim\u0027s account, including e-mail redirection and data exfiltration.",
  "id": "GHSA-5rg8-g76j-7fw7",
  "modified": "2025-10-22T00:33:16Z",
  "published": "2025-03-12T15:32:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27915"
    },
    {
      "type": "WEB",
      "url": "https://strikeready.com/blog/0day-ics-attack-in-the-wild"
    },
    {
      "type": "WEB",
      "url": "https://wiki.zimbra.com/wiki/Security_Center"
    },
    {
      "type": "WEB",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.13#Security_Fixes"
    },
    {
      "type": "WEB",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.5#Security_Fixes"
    },
    {
      "type": "WEB",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P44#Security_Fixes"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-27915"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2025-27915

Vulnerability from fkie_nvd - Published: 2025-03-12 15:15 - Updated: 2025-11-04 16:45

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
cve@mitre.org	https://wiki.zimbra.com/wiki/Security_Center	Release Notes
cve@mitre.org	https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.13#Security_Fixes	Release Notes
cve@mitre.org	https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.5#Security_Fixes	Release Notes
cve@mitre.org	https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P44#Security_Fixes	Release Notes
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://strikeready.com/blog/0day-ics-attack-in-the-wild/	Exploit, Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-27915	US Government Resource

Impacted products

Vendor	Product	Version
synacor	zimbra_collaboration_suite	*
synacor	zimbra_collaboration_suite	*
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0
synacor	zimbra_collaboration_suite	9.0.0

JSON

To clipboard

{
  "cisaActionDue": "2025-10-28",
  "cisaExploitAdd": "2025-10-07",
  "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F7A8D86-7352-45D1-A809-D19FCC4A4ED0",
              "versionEndExcluding": "10.0.13",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD5597BA-6D2C-4E3A-AA67-0F29DA04CA76",
              "versionEndExcluding": "10.1.5",
              "versionStartIncluding": "10.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "32AFCE22-5ADA-4FF7-A165-5EC12B325DEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D3577FE6-F1F4-4555-8D27-84D6DE731EA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p10:*:*:*:*:*:*",
              "matchCriteriaId": "931BD98E-1A5F-4634-945B-BDD7D2FAA8B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p11:*:*:*:*:*:*",
              "matchCriteriaId": "2E7C0A57-A887-4D29-B601-4275313F46B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p12:*:*:*:*:*:*",
              "matchCriteriaId": "B7248B91-D136-4DD5-A631-737E4C220A02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p13:*:*:*:*:*:*",
              "matchCriteriaId": "494F6FD4-36ED-4E40-8336-7F077FA80FA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p14:*:*:*:*:*:*",
              "matchCriteriaId": "9DF8C0CE-A71D-4BB1-83FB-1EA5ED77E0C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p15:*:*:*:*:*:*",
              "matchCriteriaId": "E0648498-2EE5-4B68-8360-ED5914285356",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p16:*:*:*:*:*:*",
              "matchCriteriaId": "24282FF8-548B-415B-95CA-1EFD404D21D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p17:*:*:*:*:*:*",
              "matchCriteriaId": "ACFDF2D9-ED72-4969-AA3B-E8D48CB1922D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p18:*:*:*:*:*:*",
              "matchCriteriaId": "2B7D0A8B-7A72-4C1A-85F2-BE336CA47E0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p19:*:*:*:*:*:*",
              "matchCriteriaId": "019AFC34-289E-4A01-B08B-A5807F7F909A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p2:*:*:*:*:*:*",
              "matchCriteriaId": "7E7B3976-DA6F-4285-93E6-2328006F7F4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p20:*:*:*:*:*:*",
              "matchCriteriaId": "062E586F-0E02-45A6-93AD-895048FC2D4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p21:*:*:*:*:*:*",
              "matchCriteriaId": "3EE37BEE-4BDB-4E62-8DE3-98CF74DFBE01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p22:*:*:*:*:*:*",
              "matchCriteriaId": "ADF51BCA-37DD-4642-B201-74A6D1A545FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p23:*:*:*:*:*:*",
              "matchCriteriaId": "39611F3D-A898-4C35-8915-3334CDFB78E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p24:*:*:*:*:*:*",
              "matchCriteriaId": "40AB56B7-7222-4C44-A271-45DFE3673F72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p24.1:*:*:*:*:*:*",
              "matchCriteriaId": "2AE8F501-4528-4F15-AE50-D4F11FB462DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p25:*:*:*:*:*:*",
              "matchCriteriaId": "AB9E054B-7790-4E74-A771-40BF6EC71610",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p26:*:*:*:*:*:*",
              "matchCriteriaId": "DD924E57-C77B-430B-A615-537BB39CEA9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p27:*:*:*:*:*:*",
              "matchCriteriaId": "F43F4AC0-7C82-4CF4-B0C7-3A4C567BC985",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p28:*:*:*:*:*:*",
              "matchCriteriaId": "7991F602-41D7-4377-B888-D66A467EAD67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p29:*:*:*:*:*:*",
              "matchCriteriaId": "2193FCA2-1AE3-497D-B0ED-5B89727410E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p3:*:*:*:*:*:*",
              "matchCriteriaId": "FA310AFA-492D-4A6C-A7F6-740E82CB6E57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p30:*:*:*:*:*:*",
              "matchCriteriaId": "FF95618B-0BFB-403C-83BE-C97879FC866D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p31:*:*:*:*:*:*",
              "matchCriteriaId": "A82346A9-9CC2-4B91-BA2F-A815AAA92A7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p32:*:*:*:*:*:*",
              "matchCriteriaId": "2E800348-E139-418D-910B-7B3A9E1E721C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p33:*:*:*:*:*:*",
              "matchCriteriaId": "C7DE1A7E-573B-42F3-B0A4-D2E676954FE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p34:*:*:*:*:*:*",
              "matchCriteriaId": "E60BC1D0-8552-4E6B-B2C5-96038448C238",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p35:*:*:*:*:*:*",
              "matchCriteriaId": "3924251E-13B0-420E-8080-D3312C3D54AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p36:*:*:*:*:*:*",
              "matchCriteriaId": "AEBE75F9-A494-4C78-927A-EA564BDCCE0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p37:*:*:*:*:*:*",
              "matchCriteriaId": "900BECBA-7FDB-4E35-9603-29706FB87BD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p38:*:*:*:*:*:*",
              "matchCriteriaId": "5024FD58-A3ED-43B1-83EF-F4570C2573BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p39:*:*:*:*:*:*",
              "matchCriteriaId": "3CC9D046-4EB4-4608-8AB7-B60AC330A770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p4:*:*:*:*:*:*",
              "matchCriteriaId": "2AF337B5-B296-449B-8848-7636EC7C46C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p40:*:*:*:*:*:*",
              "matchCriteriaId": "A4535EC5-74D5-41E8-95F1-5C033ADB043E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p41:*:*:*:*:*:*",
              "matchCriteriaId": "408E1BFD-16AA-458C-B040-04870522FEBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p42:*:*:*:*:*:*",
              "matchCriteriaId": "205B2CDC-6423-4FD9-9FD0-847ADEB64003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p43:*:*:*:*:*:*",
              "matchCriteriaId": "CAE21C69-F080-4CE2-A39E-BF3509FB2005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p5:*:*:*:*:*:*",
              "matchCriteriaId": "52232ACA-C158-48C8-A0DB-7689040CB8FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p6:*:*:*:*:*:*",
              "matchCriteriaId": "3B4D0040-86D0-46C3-8A9A-3DD12138B9ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p7:*:*:*:*:*:*",
              "matchCriteriaId": "D2BB9BC7-078D-4E08-88E4-9432D74CA9BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p8:*:*:*:*:*:*",
              "matchCriteriaId": "F04D4B77-D386-4BC8-8169-9846693F6F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p9:*:*:*:*:*:*",
              "matchCriteriaId": "992370FA-F171-4FB3-9C1C-58AC37038CE4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a \u003cdetails\u003e tag. This allows an attacker to run arbitrary JavaScript within the victim\u0027s session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim\u0027s account, including e-mail redirection and data exfiltration."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en Zimbra Collaboration (ZCS) 9.0, 10.0 y 10.1. Existe una vulnerabilidad de cross site scripting (XSS) almacenado en el cliente web cl\u00e1sico debido a una depuraci\u00f3n insuficiente del contenido HTML en los archivos ICS. Cuando un usuario visualiza un mensaje de correo electr\u00f3nico que contiene una entrada ICS maliciosa, su JavaScript incrustado se ejecuta mediante un evento ontoggle dentro de una etiqueta . Esto permite a un atacante ejecutar JavaScript arbitrario en la sesi\u00f3n de la v\u00edctima, lo que podr\u00eda provocar acciones no autorizadas, como configurar filtros de correo electr\u00f3nico para redirigir los mensajes a una direcci\u00f3n controlada por el atacante. Como resultado, un atacante puede realizar acciones no autorizadas en la cuenta de la v\u00edctima, como la redirecci\u00f3n de correo electr\u00f3nico y la exfiltraci\u00f3n de datos."
    }
  ],
  "id": "CVE-2025-27915",
  "lastModified": "2025-11-04T16:45:11.053",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-12T15:15:39.900",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://wiki.zimbra.com/wiki/Security_Center"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.13#Security_Fixes"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.5#Security_Fixes"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P44#Security_Fixes"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://strikeready.com/blog/0day-ics-attack-in-the-wild/"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-27915"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CERTFR-2025-AVI-0074

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Synacor Zimbra Collaboration. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Synacor	Zimbra Collaboration	Zimbra Collaboration versions 9.0.0.x antérieures à 9.0.0 Patch 44
Synacor	Zimbra Collaboration	Zimbra Collaboration versions 10.0.x antérieures à 10.0.13
Synacor	Zimbra Collaboration	Zimbra Collaboration versions 10.1.x antérieures à 10.1.5

References

Title

Publication Time

Tags

Bulletin de sécurité Synacor Zimbra Collaboration 10.0.13	2025-01-27	vendor-advisory
Bulletin de sécurité Synacor Zimbra Collaboration 9.0.0 Patch 44	2025-01-27	vendor-advisory
Bulletin de sécurité Synacor Zimbra Collaboration 10.1.5	2025-01-27	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration versions 9.0.0.x ant\u00e9rieures \u00e0 9.0.0 Patch 44",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration versions 10.0.x ant\u00e9rieures \u00e0 10.0.13",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration versions 10.1.x ant\u00e9rieures \u00e0 10.1.5",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-27915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27915"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0074",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-28T00:00:00.000000"
    },
    {
      "description": "Ajout r\u00e9f\u00e9rence CVE",
      "revision_date": "2025-04-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Synacor Zimbra Collaboration. Elle permet \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).",
  "title": "Vuln\u00e9rabilit\u00e9 dans Synacor Zimbra Collaboration",
  "vendor_advisories": [
    {
      "published_at": "2025-01-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration 10.0.13",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.13"
    },
    {
      "published_at": "2025-01-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration 9.0.0 Patch 44",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P44"
    },
    {
      "published_at": "2025-01-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration 10.1.5",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.5"
    }
  ]
}

CERTFR-2025-AVI-0074

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Synacor Zimbra Collaboration. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Synacor	Zimbra Collaboration	Zimbra Collaboration versions 9.0.0.x antérieures à 9.0.0 Patch 44
Synacor	Zimbra Collaboration	Zimbra Collaboration versions 10.0.x antérieures à 10.0.13
Synacor	Zimbra Collaboration	Zimbra Collaboration versions 10.1.x antérieures à 10.1.5

References

Title

Publication Time

Tags

Bulletin de sécurité Synacor Zimbra Collaboration 10.0.13	2025-01-27	vendor-advisory
Bulletin de sécurité Synacor Zimbra Collaboration 9.0.0 Patch 44	2025-01-27	vendor-advisory
Bulletin de sécurité Synacor Zimbra Collaboration 10.1.5	2025-01-27	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Zimbra Collaboration versions 9.0.0.x ant\u00e9rieures \u00e0 9.0.0 Patch 44",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration versions 10.0.x ant\u00e9rieures \u00e0 10.0.13",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    },
    {
      "description": "Zimbra Collaboration versions 10.1.x ant\u00e9rieures \u00e0 10.1.5",
      "product": {
        "name": "Zimbra Collaboration",
        "vendor": {
          "name": "Synacor",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-27915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27915"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0074",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-28T00:00:00.000000"
    },
    {
      "description": "Ajout r\u00e9f\u00e9rence CVE",
      "revision_date": "2025-04-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Synacor Zimbra Collaboration. Elle permet \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).",
  "title": "Vuln\u00e9rabilit\u00e9 dans Synacor Zimbra Collaboration",
  "vendor_advisories": [
    {
      "published_at": "2025-01-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration 10.0.13",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.13"
    },
    {
      "published_at": "2025-01-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration 9.0.0 Patch 44",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P44"
    },
    {
      "published_at": "2025-01-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Synacor Zimbra Collaboration 10.1.5",
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.5"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-27915 (GCVE-0-2025-27915)

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

GHSA-5RG8-G76J-7FW7

FKIE_CVE-2025-27915

CERTFR-2025-AVI-0074

Solutions

CERTFR-2025-AVI-0074

Solutions

Tags

Sightings

Nomenclature