Wiz
Vulnerability DatabaseCVE-2025-27915

CVE-2025-27915
Zimbra Collaboration Server vulnerability analysis and mitigation

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a

tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration.

SourceNVD

Related Zimbra Collaboration Server vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2024-45519CRITICAL9.8
  • Zimbra Collaboration ServerZimbra Collaboration Server
  • cpe:2.3:a:zimbra:collaboration
YesYesOct 02, 2024
CVE-2024-45518HIGH8.8
  • Zimbra Collaboration ServerZimbra Collaboration Server
  • cpe:2.3:a:zimbra:collaboration
NoYesOct 22, 2024
CVE-2024-45515MEDIUM6.1
  • Zimbra Collaboration ServerZimbra Collaboration Server
  • cpe:2.3:a:zimbra:collaboration
NoYesJul 30, 2025
CVE-2025-27915MEDIUM5.4
  • Zimbra Collaboration ServerZimbra Collaboration Server
  • cpe:2.3:a:zimbra:collaboration
YesYesMar 12, 2025
CVE-2025-27914MEDIUM5.4
  • Zimbra Collaboration ServerZimbra Collaboration Server
  • cpe:2.3:a:zimbra:collaboration
NoYesMar 12, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo