Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-27915

KEV EPSS 26.05% · P96
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-27915

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a <details> tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Zimbra Collaboration Server 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Zimbra Collaboration Server(ZCS)是Zimbra公司的一套电子邮件和协作解决方案。该方案提供电子邮件、联系人、日历、文件共享、社交网络等功能。 Zimbra Collaboration Server 9.0版本、10.0版本和10.1版本存在安全漏洞,该漏洞源于Classic Web Client对ICS文件中的HTML内容清理不足,可能导致存储型跨站脚本攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2025-27915

#POC DescriptionSource LinkShenlong Link
1Detects Zimbra Collaboration Suite versions vulnerable to CVE-2025-27915, a stored XSS vulnerability in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an email with a malicious ICS entry, embedded JavaScript executes via an ontoggle event inside a details tag, allowing attackers to perform unauthorized actions like email redirection and data exfiltration. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-27915.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-27915

登录查看更多情报信息。

Same Patch Batch · n/a · 2025-03-12 · 14 CVEs total

CVE-2025-257118.8 HIGHDTP tNexus Airport View 安全漏洞
CVE-2025-257097.5 HIGHDTP tNexus Airport View 安全漏洞
CVE-2025-27914Zimbra Collaboration Server 安全漏洞
CVE-2024-27763BasicSR 安全漏洞
CVE-2025-26260Plenti 安全漏洞
CVE-2025-25565SoftEther VPN 安全漏洞
CVE-2025-25566SoftEther VPN 安全漏洞
CVE-2025-25568SoftEther VPN 安全漏洞
CVE-2025-25567SoftEther VPN 安全漏洞
CVE-2025-25683AlekSIS-Core 安全漏洞
CVE-2025-25774Open5GS 安全漏洞
CVE-2024-34398BMC Remedy Mid Tier 安全漏洞
CVE-2025-25975parse-git-config 安全漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2025-27915

No comments yet

Leave a comment