CVE-2025-27915 is a stored cross-site scripting (XSS) vulnerability in the Classic Web Client of Synacor's Zimbra Collaboration Suite (ZCS). It has been added to the CISA Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. The flaw affects organizations running Zimbra servers or hosting Zimbra webmail, and immediate patching is urged, especially for federal agencies. Discussions on WindowsForum cover the technical details, impact, and remediation steps for CVE-2025-27915, emphasizing the need for prompt updates to mitigate security risks.
CISA has added CVE-2025-27915 — a stored cross-site scripting (XSS) bug in the Classic Web Client of Synacor’s Zimbra Collaboration Suite (ZCS) — to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation and urging immediate remediation by federal agencies and...