Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-48700

KEV EPSS 18.76% · P95
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-48700

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, specifically involving crafted tag structures and attribute values that include an @import directive and other script injection vectors. The vulnerability is triggered when a user views a crafted e-mail message in the Classic UI, requiring no additional user interaction.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Zimbra Collaboration 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Zimbra Collaboration是Zimbra公司的一个开源企业级电子邮件与协作平台,支持邮件、日历、文档管理及团队协作功能。 Zimbra Collaboration 8.8.15版本、9.0版本、10.0版本和10.1版本存在安全漏洞,该漏洞源于HTML内容清理不足导致跨站脚本攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2025-48700

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-48700

登录查看更多情报信息。

Same Patch Batch · n/a · 2025-06-23 · 18 CVEs total

CVE-2025-65165.3 MEDIUMHDF5 H5Fint.c H5F_addr_decode_len heap-based overflow
CVE-2023-47297NCR Atleos Terminal Handler 安全漏洞
CVE-2025-23092Mitel OpenScape Accounting Management 安全漏洞
CVE-2025-46101Beakon Learning Management System Sharable Content Object Reference Model 安全漏洞
CVE-2025-50349PHPGurukul Pre-School Enrollment System Project 安全漏洞
CVE-2025-50348PHPGurukul Pre-School Enrollment System Project 安全漏洞
CVE-2025-44528Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK 安全漏洞
CVE-2025-48026Mitel OpenScape Xpressions 安全漏洞
CVE-2023-47294NCR Atleos Terminal Handler 安全漏洞
CVE-2023-48978NCR Atleos ITM Web terminal 安全漏洞
CVE-2023-47298NCR Atleos Terminal Handler 安全漏洞
CVE-2023-47031NCR Atleos Terminal Handler 安全漏洞
CVE-2023-47030NCR Atleos Terminal Handler 安全漏洞
CVE-2023-47029NCR Atleos Terminal Handler 安全漏洞
CVE-2023-47032NCR Atleos Terminal Handler 安全漏洞
CVE-2023-47295NCR Atleos Terminal Handler 安全漏洞
CVE-2023-50450Sensopart VISOR Vision Sensors 安全漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2025-48700

No comments yet

Leave a comment