ACCORDING to Known Exploited Vulnerabilities Catalog, the page currently lists a single entry: Synacor | Zimbra Collaboration Suite (ZCS) with CVE-2025-48700, a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the user’s session and potentially access sensitive information. The entry notes a related CWE of CWE-79 and states that it is unknown whether it has been used in ransomware campaigns.
Mitigations are advised by applying vendor instructions, following guidance for cloud services under BOD 22-01, or discontinuing use of the product if mitigations are unavailable. Date Added is 20 April 2026 and the due date is 23 April 2026. Additional notes reference Zimbra advisories and the NVD entry for CVE-2025-48700.