vulnerability
Zimbra Collaboration: CVE-2025-27915: Collaboration: Cross-site Scripting
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:M/Au:S/C:P/I:P/A:N) | Mar 12, 2025 | Mar 18, 2025 | Feb 6, 2026 |
Severity
5
CVSS
(AV:N/AC:M/Au:S/C:P/I:P/A:N)
Published
Mar 12, 2025
Added
Mar 18, 2025
Modified
Feb 6, 2026
Description
This patch fixes a critical security vulnerability related to stored cross-site scripting in the Zimbra Classic Web Client. The fix strengthens input sanitization and enhances security. All customers are strongly advised to upgrade to this latest patch version immediately.
Solution
zimbra-collaboration-upgrade-latest
References
- CWE-79
- CVE-2025-27915
- https://attackerkb.com/topics/CVE-2025-27915
- URL-https://wiki.zimbra.com/wiki/Security_Center
- URL-https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.13#Security_Fixes
- URL-https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.5#Security_Fixes
- URL-https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P44#Security_Fixes
- URL-https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.