CVE-2025-27915 [Exploited] | Synacor Zimbra Collaboration Suite XSS

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a <details> tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration.

EDB-ID	Source	Kind	Published	Link
—	nvd_ref	exploit_tag		Exploit-DB ↗

EDB-ID

Source

Kind

Published

Link

—

nvd_ref

exploit_tag

Exploit-DB ↗

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-04-21	22.20%	26.05%	+3.85%
2	2026-04-20	17.20%	22.20%	+5.00%
3	2026-04-10	—	17.20%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-04-21

22.20%

26.05%

+3.85%

2026-04-20

17.20%

22.20%

+5.00%

2026-04-10

—

17.20%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.4	3.1	MEDIUM	`CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network—not just someone sitting at the machine. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:L) A normal user session is enough; they don’t have to be admin. User interaction (UI:R) A real person has to do something—click, install, enable—otherwise it doesn’t land. Scope (S:C) Breaking this can reach past the original component and bite other resources—bigger blast radius. Confidentiality (C:L) Some sensitive info could get out, but not a total data dump. Integrity (I:L) Attackers could change some data, but it’s limited—not everything goes. Availability (A:N) Service keeps running; no real outage angle.	2.3	2.7	134c704f-9b21-4f2e-91b3-4a467353bcc0

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

5.4

3.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Click to expand

Attack vector (AV:N): Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L): A normal user session is enough; they don’t have to be admin.
User interaction (UI:R): A real person has to do something—click, install, enable—otherwise it doesn’t land.
Scope (S:C): Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:L): Some sensitive info could get out, but not a total data dump.
Integrity (I:L): Attackers could change some data, but it’s limited—not everything goes.
Availability (A:N): Service keeps running; no real outage angle.

2.3

2.7

134c704f-9b21-4f2e-91b3-4a467353bcc0

Affected software / configurations for CVE-2025-27915

Vendor	Product	Version	Raw CPE
synacor	zimbra_collaboration_suite	>= 10.0.0, < 10.0.13	cpe:2.3:a:synacor:zimbra_collaboration_suite::::::::
synacor	zimbra_collaboration_suite	>= 10.1.0, < 10.1.5	cpe:2.3:a:synacor:zimbra_collaboration_suite::::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:-::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p1::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p10::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p11::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p12::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p13::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p14::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p15::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p16::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p17::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p18::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p19::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p2::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p20::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p21::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p22::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p23::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p24::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p24.1::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p25::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p26::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p27::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p28::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p29::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p3::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p30::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p31::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p32::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p33::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p34::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p35::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p36::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p37::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p38::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p39::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p4::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p40::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p41::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p42::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p43::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p5::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p6::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p7::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p8::::::
synacor	zimbra_collaboration_suite	9.0.0	cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p9::::::

References for CVE-2025-27915

URL	Tags
https://wiki.zimbra.com/wiki/Security_Center	Release Notes
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.13#Security_Fixes	Release Notes
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.5#Security_Fixes	Release Notes
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P44#Security_Fixes	Release Notes
https://strikeready.com/blog/0day-ics-attack-in-the-wild/	Exploit Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-27915	US Government Resource

URL

CVE-2025-27915

CISA KEV Record for CVE-2025-27915

Public exploit references (Exploit-DB) for CVE-2025-27915

Exploit prediction scoring system (EPSS) score for CVE-2025-27915

Common vulnerability scoring system (CVSS) metrics for CVE-2025-27915

Weakness enumeration for CVE-2025-27915

Affected software / configurations for CVE-2025-27915

References for CVE-2025-27915