CYBER THREAT ASSESSMENT - ZIMBRA COLLABORATION SUITE A cross-site scripting vulnerability has been identified in Synacor Zimbra Collaboration Suite (ZCS) designated CVE-2025-48700, enabling attackers to inject and execute arbitrary JavaScript code within authenticated user sessions. The vulnerability permits unauthorized access to sensitive information stored within affected ZCS instances and represents a material risk to organizations operating email and collaboration infrastructure on the platform. Exploitation requires minimal prerequisites and is assessed as viable against default or partially patched deployments. CISA has listed this vulnerability in the Known Exploited Vulnerabilities catalog, indicating active threat intelligence regarding weaponization attempts.