CISA has added CVE-2025-27915 — a stored cross-site scripting (XSS) bug in the Classic Web Client of Synacor’s Zimbra Collaboration Suite (ZCS) — to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation and urging immediate remediation by federal agencies and...