Zimbra Collaboration Suite Information Disclosure Vulnerability

Release Date: 21 Apr 2026

RISK: High Risk

TYPE: Servers - Internet App Servers

A vulnerability has been identified in Zimbra Collaboration Suite. A remote attacker could exploit this vulnerability to trigger cross-site scripting and sensitive information disclosure the targeted system.

 

Note:

CVE-2025-48700 is being exploited in the wild. This vulnerability could allow attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information. Hence, the risk level is rated as High Risk.

---

Impact

• Cross-Site Scripting
• Information Disclosure

---

System / Technologies affected

• Prior to Version 9.0.0 Patch 43

• Prior to Version 10.0.12

• Prior to Version 10.1.4

• Prior to Version 8.8.15 Patch 47

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• Version 9.0.0 Patch 43
• Version 10.0.12
• Version 10.1.4
• Version 8.8.15 Patch 47

---

Vulnerability Identifier

• CVE-2025-48700

---

Source

• Zimbra

---

Related Link

• https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
• https://www.cisa.gov/news-events/alerts/2026/04/20/cisa-adds-eight-known-exploited-vulnerabilities-catalog