Synacor

https://www.synacor.com
https://www.linkedin.com/company/synacor

Synacor is a privately owned company headquartered in the US. Founded in 1998, the company employs approximately 210 individuals. Functioning as a cloud-based software and services company, Synacor specializes in providing technology platforms including email and collaboration platforms, and cloud-based identity management. Synacor primarily serves global video, content, entertainment, internet and communications providers, device manufacturers, governments, and enterprises.

Revenue

Founded

1998

Headcount

209

Headquarters

Primary Segment

Software Development

Ownership

Privately Owned

Deployments

News Summary:

Security researchers confirmed on April 24, 2026, that over 10,000 Zimbra Collaboration Suite (ZCS) instances remain vulnerable online to active exploitation of a critical cross-site scripting (XSS) flaw, CVE-2025-48700. This follows the U.S. Cybersecurity and Infrastructure Security Agency (CISA) adding a critical ZCS vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on March 19, 2026, due to confirmed in-the-wild abuse, setting an April 1, 2026, remediation deadline for federal agencies. CISA had previously mandated emergency patching on March 17, 2026, for federal agencies to address a high-severity cross-site scripting vulnerability, CVE-2025-66376, in Zimbra Collaboration Suite, adding it to its KEV catalog. Earlier, on January 2, 2026, the Federal Office for Information Security (BSI) published a security warning on December 22, 2025, concerning multiple high-risk vulnerabilities in Synacor Zimbra software affecting Linux and UNIX operating systems. CISA had also issued an urgent alert on October 9, 2025, regarding an actively exploited zero-day XSS flaw, CVE-2025-27915, impacting the ZCS Classic Web Client.

Similar Companies

Subscribe for full access to Synacor's profile

Subscribe for full access to Synacor's products in full detail

Subscribe for full access to Synacor's revenue in full detail

Apr

24th

2026

04:53

B2B Tag

Over 10,000 Zimbra Servers Exposed to Active XSS Exploits as CVE

Listen to this Post Introduction A serious wave of cybersecurity concern is growing around the Zimbra Collaboration Suite (ZCS), one of the world’s most widely used email and collaboration platforms. Security researchers have confirmed that more than 10,000 Zimbra instances remain exposed online and vulnerable to active exploitation of a critical cross-site scripting (XSS) flaw tracked as CVE-2025-48700.

Undercodenews

Mar

19th

2026

04:28

B2B Tag

CISA Warns of Actively Exploited Zimbra Collaboration Suite Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, signaling confirmed in-the-wild abuse. Federal agencies and organizations leveraging the platform have been given a strict remediation deadline of April 1, 2026, underscoring the urgency of patching systems exposed to active exploitation.

Cyber Press

Mar

17th

2026

18:30

B2B Tag

CISA Orders Emergency Patch for Exploited Zimbra XSS Flaw CISA Mandates Emergency Patching for Actively Exploited Zimbra XSS Vulnerability

Federal agencies have received urgent orders to patch a high-severity cross-site scripting vulnerability in Zimbra Collaboration Suite following confirmation of active exploitation in the wild. The Cybersecurity and Infrastructure Security Agency added CVE-2025-66376 to its Known Exploited Vulnerabilities catalog on March 18, 2026, giving government organizations until April 1 to implement necessary fixes.

Blogarama

Jan

2nd

2026

05:05

B2B Tag

IT Security: Linux and UNIX threatened - IT Security vulnerability in Synacor Zimbra with high risk! Warning receives update

[Translated] The Federal Office for Information Security (BSI) published a security warning for Synacor Zimbra on December 22, 2025. The software contains several vulnerabilities that enable an attack. Affected by the security vulnerability are the operating systems Linux and UNIX, as well as the product Synacor Zimbra.

News (de)

Oct

9th

2025

07:06

Partnerships and Alliances, CT_Monitor Company

CISA Warns of Actively Exploited Zero-Day XSS Flaw in Zimbra Collaboration Suite

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued an urgent alert concerning an actively exploited zero-day vulnerability in the Zimbra Collaboration Suite (ZCS). The flaw, identified as CVE-2025-27915, is a cross-site scripting (XSS) vulnerability that impacts the ZCS Classic Web Client.

The Cyber Express

Oct

8th

2025

08:08

Partnerships and Alliances, Regulatory and Legal, CT_Monitor Company

CISA Warns of Zimbra Collaboration Suite (ZCS) XSS Zero-Day Vulnerability Actively Exploited in Attacks

CISA has issued a critical warning regarding a zero-day cross-site scripting (XSS) vulnerability in Synacor’s Zimbra Collaboration Suite (ZCS), designated as CVE-2025-27915. This vulnerability has been actively exploited in attacks and poses significant risks to organizations using the popular email and collaboration platform.

Cyber Security News

Oct

6th

2025

18:30

New Offerings, CT_Monitor Company

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-27915 Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.

Cybersecurity and Infrastructure Security Agency (US)

Jul

8th

2025

15:36

Synacor

Synacor's Zimbra Collaboration Suite (ZCS) has a critical vulnerability (CVE-2019-9621) that allows attackers to manipulate the server into making unauthorized requests to internal or external resources, potentially exposing sensitive data and compromising network security. The vulnerability, classified under CWE-918 and CWE-807, is being actively exploited and poses significant risks to organizations using the platform.

Rankiteo

Jul

8th

2025

09:48

Partnerships and Alliances, Regulatory and Legal,

CISA Warns of Zimbra Collaboration Suite (ZCS) Vulnerability Exploited in Attacks

CISA has issued an urgent warning regarding a critical vulnerability in Synacor’s Zimbra Collaboration Suite (ZCS) that is being actively exploited in cyberattacks. The vulnerability, tracked as CVE-2019-9621, poses significant risks to organizations using the popular email and collaboration platform.

Cyber Security News

Jul

6th

2025

18:30

New Offerings,

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2014-3931 Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability CVE-2016-10033 PHPMailer Command Injection Vulnerability CVE-2019-5418 Rails Ruby on Rails Path Traversal Vulnerability CVE-2019-9621 Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Cybersecurity and Infrastructure Security Agency (US)

May

20th

2025

11:25

Latest Security Advisory Critical Vulnerabilities Ivanti

Multiple vulnerabilities have been detected in widely used software and systems, specifically in Ivanti Endpoint Manager Mobile (EPMM), MDaemon Email Server, Srimax Output Messenger, Synacor Zimbra Collaboration Suite (ZCS), and ZKTeco BioTime. A new advisory by the Cybersecurity and Infrastructure Security Agency (CISA) highlights these vulnerabilities, which were identified through the Common Vulnerabilities and Exposures (CVE) naming system and assigned severity levels via the Common Vulnerability Scoring System (CVSS).

Cyble

Feb

27th

2025

13:21

Partnerships and Alliances, Negative News,

CISA Adds Critical Microsoft, Synacor Zero-Days to KEV List

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include critical zero-day flaws impacting the Microsoft Partner Center website and Synacor Zimbra Collaboration Suite, according to SC Media Attacks leveraging the Microsoft Partner Center site's improper access control flaw, tracked as CVE-2024-49035, could facilitate escalated privileges without authentication, noted Microsoft, which initially reported its active exploitation in November.

ChannelE2E

Synacor's customers primarily consist of broadcast television and radio companies. Examples of Synacor's customers include Altitude Sports & Entertainment and ABS-CBN.

Analysis

Data

Analysis

Data

Synacor

Revenue

Founded

Headcount

Headquarters

Primary Segment

Ownership

Deployments

News Summary:

Similar Companies

Example Customers

Example Partners

Analyst insight reports