Synacor

https://www.synacor.com
https://www.linkedin.com/company/synacor

Synacor is a privately owned company headquartered in the US. Founded in 1998, the company employs approximately 210 individuals. Functioning as a cloud-based software and services company, Synacor specializes in providing technology platforms including email and collaboration platforms, and cloud-based identity management. Synacor primarily serves global video, content, entertainment, internet and communications providers, device manufacturers, governments, and enterprises.

Revenue

Founded

1998

Headcount

209

Headquarters

Primary Segment

Software Development

Ownership

Privately Owned

Deployments

News Summary:

On March 19, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability affecting the Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, confirming active in-the-wild abuse and setting an April 1, 2026, remediation deadline for federal agencies. This followed CISA's urgent order on March 18, 2026, for federal agencies to patch a high-severity cross-site scripting (XSS) vulnerability, identified as CVE-2025-66376, in Zimbra Collaboration Suite, also with an April 1 deadline, after confirming its active exploitation. Previously, on December 22, 2025, the Federal Office for Information Security (BSI) published a security warning for Synacor Zimbra, detailing multiple vulnerabilities that could enable attacks on Linux and UNIX operating systems. Earlier, in October 2025, CISA issued urgent alerts and critical warnings regarding an actively exploited zero-day cross-site scripting (XSS) vulnerability (CVE-2025-27915) in Synacor’s Zimbra Collaboration Suite, specifically impacting the ZCS Classic Web Client and posing significant risks to organizations.

Similar Companies

Subscribe for full access to Synacor's profile

Subscribe for full access to Synacor's products in full detail

Subscribe for full access to Synacor's revenue in full detail

Mar

19th

2026

04:28

B2B Tag

CISA Warns of Actively Exploited Zimbra Collaboration Suite Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, signaling confirmed in-the-wild abuse. Federal agencies and organizations leveraging the platform have been given a strict remediation deadline of April 1, 2026, underscoring the urgency of patching systems exposed to active exploitation.

Cyber Press

Mar

17th

2026

18:30

B2B Tag

CISA Orders Emergency Patch for Exploited Zimbra XSS Flaw CISA Mandates Emergency Patching for Actively Exploited Zimbra XSS Vulnerability

Federal agencies have received urgent orders to patch a high-severity cross-site scripting vulnerability in Zimbra Collaboration Suite following confirmation of active exploitation in the wild. The Cybersecurity and Infrastructure Security Agency added CVE-2025-66376 to its Known Exploited Vulnerabilities catalog on March 18, 2026, giving government organizations until April 1 to implement necessary fixes.

Blogarama

Jan

2nd

2026

05:05

B2B Tag

IT Security: Linux and UNIX threatened - IT Security vulnerability in Synacor Zimbra with high risk! Warning receives update

[Translated] The Federal Office for Information Security (BSI) published a security warning for Synacor Zimbra on December 22, 2025. The software contains several vulnerabilities that enable an attack. Affected by the security vulnerability are the operating systems Linux and UNIX, as well as the product Synacor Zimbra.

News (de)

Oct

9th

2025

07:06

Partnerships and Alliances, CT_Monitor Company

CISA Warns of Actively Exploited Zero-Day XSS Flaw in Zimbra Collaboration Suite

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued an urgent alert concerning an actively exploited zero-day vulnerability in the Zimbra Collaboration Suite (ZCS). The flaw, identified as CVE-2025-27915, is a cross-site scripting (XSS) vulnerability that impacts the ZCS Classic Web Client.

The Cyber Express

Oct

8th

2025

08:08

Partnerships and Alliances, Regulatory and Legal, CT_Monitor Company

CISA Warns of Zimbra Collaboration Suite (ZCS) XSS Zero-Day Vulnerability Actively Exploited in Attacks

CISA has issued a critical warning regarding a zero-day cross-site scripting (XSS) vulnerability in Synacor’s Zimbra Collaboration Suite (ZCS), designated as CVE-2025-27915. This vulnerability has been actively exploited in attacks and poses significant risks to organizations using the popular email and collaboration platform.

Cyber Security News

Oct

6th

2025

18:30

New Offerings, CT_Monitor Company

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-27915 Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.

Cybersecurity and Infrastructure Security Agency (US)

Jul

8th

2025

15:36

Synacor

Synacor's Zimbra Collaboration Suite (ZCS) has a critical vulnerability (CVE-2019-9621) that allows attackers to manipulate the server into making unauthorized requests to internal or external resources, potentially exposing sensitive data and compromising network security. The vulnerability, classified under CWE-918 and CWE-807, is being actively exploited and poses significant risks to organizations using the platform.

Rankiteo

Jul

8th

2025

09:48

Partnerships and Alliances, Regulatory and Legal,

CISA Warns of Zimbra Collaboration Suite (ZCS) Vulnerability Exploited in Attacks

CISA has issued an urgent warning regarding a critical vulnerability in Synacor’s Zimbra Collaboration Suite (ZCS) that is being actively exploited in cyberattacks. The vulnerability, tracked as CVE-2019-9621, poses significant risks to organizations using the popular email and collaboration platform.

Cyber Security News

Jul

6th

2025

18:30

New Offerings,

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2014-3931 Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability CVE-2016-10033 PHPMailer Command Injection Vulnerability CVE-2019-5418 Rails Ruby on Rails Path Traversal Vulnerability CVE-2019-9621 Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Cybersecurity and Infrastructure Security Agency (US)

May

20th

2025

11:25

Latest Security Advisory Critical Vulnerabilities Ivanti

Multiple vulnerabilities have been detected in widely used software and systems, specifically in Ivanti Endpoint Manager Mobile (EPMM), MDaemon Email Server, Srimax Output Messenger, Synacor Zimbra Collaboration Suite (ZCS), and ZKTeco BioTime. A new advisory by the Cybersecurity and Infrastructure Security Agency (CISA) highlights these vulnerabilities, which were identified through the Common Vulnerabilities and Exposures (CVE) naming system and assigned severity levels via the Common Vulnerability Scoring System (CVSS).

Cyble

Feb

27th

2025

13:21

Partnerships and Alliances, Negative News,

CISA Adds Critical Microsoft, Synacor Zero-Days to KEV List

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include critical zero-day flaws impacting the Microsoft Partner Center website and Synacor Zimbra Collaboration Suite, according to SC Media Attacks leveraging the Microsoft Partner Center site's improper access control flaw, tracked as CVE-2024-49035, could facilitate escalated privileges without authentication, noted Microsoft, which initially reported its active exploitation in November.

ChannelE2E

Feb

26th

2025

22:59

Partnerships and Alliances,

Critical Microsoft, Synacor zero-days face active exploitation, CISA says

Critical zero-day vulnerabilities in the Microsoft Partner Center website and Synacor Zimbra Collaboration Suite (ZCS) have been added to the Known Exploited Vulnerabilities (KEV) catalog by the Cybersecurity and Infrastructure Security Agency (CISA) Tuesday. The Microsoft Partner Center vulnerability tracked as CVE-2024-49035 can enable privilege escalation by an unauthenticated attacker, while the Synacor ZCS flaw tracked as CVE-2023-34192 allows for cross site scripting (XSS) by a remote authenticated attacker.

Scworld

Synacor's customers primarily consist of broadcast television and radio companies. Examples of Synacor's customers include Altitude Sports & Entertainment and ABS-CBN.

Analysis

Data

Analysis

Data

Synacor

Revenue

Founded

Headcount

Headquarters

Primary Segment

Ownership

Deployments

News Summary:

Similar Companies

Example Customers

Example Partners

Analyst insight reports