AI description
CVE-2025-66376 is a stored Cross-Site Scripting (XSS) vulnerability found in Zimbra Collaboration (ZCS) affecting its Classic UI component. This flaw enables attackers to inject malicious scripts into the system through specially crafted HTML email messages. The vulnerability specifically exploits the way the Classic UI processes Cascading Style Sheets (CSS) `@import` directives embedded within these emails. When a user views a malicious email in the vulnerable Classic UI, the injected script can execute within the context of their browser session. This vulnerability is categorized under CWE-79, which refers to improper neutralization of input during web page generation, stemming from insufficient sanitization of CSS content in HTML email messages. Affected versions include Zimbra Collaboration (ZCS) 10 prior to version 10.0.18 and ZCS 10.1 prior to version 10.1.13.
- Description
- Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- zimbra_collaboration_suite
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Data from CISA
- Vulnerability name
- Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability
- Exploit added on
- Mar 18, 2026
- Exploit action due
- Apr 1, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- cve@mitre.org
- CWE-79
- Hype score
- Not currently trending
Alerta crítica en SharePoint y Zimbra: CISA añade el nuevo vector CVE-2025-66376 a su catálogo de amenazas https://t.co/iT3nHIXQ3J
@KernelReload
3 Apr 2026
109 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA KEV 警告 26/03/18:Zimbra Collaboration の脆弱性 CVE-2025-66376 を登録 https://t.co/Ds2QRm4quK Zimbra Collaboration Suite (ZCS) の深刻な脆弱性 CVE-2025-66376 が、CISA KEV カタログに登録されました。この脆弱性は、すでに実際の攻撃
@iototsecnews
26 Mar 2026
149 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-66376: Zimbra Classic UI Stored XSS - What It Means for Your Business and How to Respond https://t.co/qewYjrBaZi
@integ_sec
25 Mar 2026
106 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-66376: Zimbra XSS in CISA KEV—episode 47. Stored XSS = session theft → mailbox access. Still running unpatched Zimbra? Attackers have been reading your emails longer than your CISO. How many CISA alerts before it becomes priority?
@CisoRaging77913
23 Mar 2026
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#CISA adds #SharePoint (CVE-2026-20963) & #Zimbra (CVE-2025-66376) flaws to its Known Exploited Vulnerabilities catalogue. #CyberSecurity #InfoSec https://t.co/1UfijloBse https://t.co/cPiEijS3Mp
@twelvesec
23 Mar 2026
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Alerte CISA : Exploitation Active de la Faille XSS Critique CVE-2025-66376 sur Synacor Zimbra
@NicolasCoolman
22 Mar 2026
119 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NEW THREAT INTEL: Zimbra Collaboration Suite Stored XSS via CSS @import Active Exploitation (CVE-2025-66376) -- Operation GhostMail. 9 detections, 18 IOCs. https://t.co/kg7Y7cuxoS #ThreatIntel #CyberSecurity https://t.co/YMz2yYh1Xd
@threadlinqs
22 Mar 2026
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#CISA has ordered USA government agencies to secure their servers against an actively exploited vulnerability (CVE-2025-66376) in the Zimbra Collaboration Suite #CyberSecurity #InfoSec https://t.co/1zbH8xJbJK https://t.co/TCpJl6h0hH
@twelvesec
21 Mar 2026
124 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Iran-linked Handala returns with a new domain after U.S. seizures, tied to MOIS. Stryker wipes linked, APT28 exploits Zimbra CVE-2025-66376 on Ukrainian gov mail, Interlock ransomware abuses Cisco zero-day. #IranOps #Ukraine #CiscoExploit https://t.co/KGsD0mDOqA
@TweetThreatNews
21 Mar 2026
283 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
APT28 is still exploiting Zimbra vulnerabilities against Ukrainian government targets. If you thought patching was optional, this is your reminder. CVE-2025-66376: Stored XSS in Zimbra Collaboration Suite leading to RCE. Patched November 2025. APT28 (Russia/GRU) actively
@DeusLogica
21 Mar 2026
115 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
APT28 is still exploiting Zimbra vulnerabilities against Ukrainian government targets. If you thought patching was optional, this is your reminder. CVE-2025-66376: Stored XSS in Zimbra Collaboration Suite leading to RCE. Patched November 2025. APT28 (Russia/GRU) actively
@DeusLogica
21 Mar 2026
119 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#Russian #APT targets #Ukraine via #Zimbra #XSS #vulnerabilities #flaw CVE-2025-66376 https://t.co/MpU0fDs08b https://t.co/wlfGxXTPG6
@omvapt
20 Mar 2026
118 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Seqrite Labs reveals Operation GhostMail: a zero-click attack exploiting CVE-2025-66376 in Zimbra to hijack Ukrainian State Hydrology Agency webmail via obfuscated JavaScript in HTML-only emails. #OperationGhostMail #APT28 #Ukraine https://t.co/0XJQOQa4tb
@TweetThreatNews
20 Mar 2026
172 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA urges gov agencies to patch two exploited flaws: CVE-2025-66376 in Synacor Zimbra (score 7.2) & SharePoint, to prevent active attacks. Act now to stay secure. https://t.co/F4bQ8dwNk8
@technoholic_me
20 Mar 2026
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Intel Report [HIGH] - Russia-linked threat actor APT28 (also known as Fancy Bear, Sednit, BlueDelta, and STRONTIUM), attributed to GRU Unit 26165, is actively exploiting a high-severity stored cross-site scripting (XSS) vulnerability (CVE-2025-66376,... https://t.co/nPPE5kO9wn
@EnigmaGlobalSW
20 Mar 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
APT28-linked Operation GhostMail exploits CVE-2025-66376 (Zimbra XSS) to target a Ukrainian gov entity. Browser-based JS stealer harvests creds, tokens, 2FA codes, and mailbox data, exfiltrating via DNS/HTTPS and abusing SOAP APIs. https://t.co/D8lgkDSm66
@MeridianEU
20 Mar 2026
88 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
CISAが既知の悪用された脆弱性を1件カタログに追加 https://t.co/UqWK3UqDPS CVE-2025-66376 Synacor Zimbra Collaboration Suite (ZCS) のクロスサイトスクリプティング脆弱性
@cybersecnews_jp
20 Mar 2026
94 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#APT28 + CVE-2025-66376 Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message. https://t.co/uj7kLbb2lk https://t.co/C7K8rwpciT
@blackorbird
20 Mar 2026
1842 Impressions
7 Retweets
16 Likes
13 Bookmarks
0 Replies
0 Quotes
APT28は、Zimbraのstored XSS脆弱性 CVE-2025-66376 を使って、ウクライナ政府系組織のメール環境を狙っている。重要なのは、添付ファイルも不審リンクも使わず、HTMLメール本文だけで資格情報、セッショントークン
@01ra66it
20 Mar 2026
328 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛰️ CYBER ESPIONAGE: Russian APT28 hackers exploited Zimbra flaw CVE-2025-66376 in attacks targeting Ukrainian government entities. Researchers say the campaign used specially crafted HTML email content to compromise vulnerable Zimbra webmail sessions. Email platforms remai
@CyberAlertsHQ
19 Mar 2026
130 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CYBERDUDEBIVASH SENTINEL APEX ALERT 🚨 Threat: Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376 Intel Report: https://t.co/CqR0l4VKY9
@cyberbivash
19 Mar 2026
117 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CYBERDUDEBIVASH SENTINEL APEX ALERT 🚨 Threat: Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376 Intel Report: https://t.co/U6Qqt8qxq1
@cyberbivash
19 Mar 2026
116 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA orders feds to patch Zimbra XSS flaw exploited in attacks (CVE-2025-66376) https://t.co/hklfVBYLN5 #patchmanagement
@eyalestrin
19 Mar 2026
165 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Zimbra Collaboration Suite Vulnerability Exploited in Attacks https://t.co/6CTp1cU8ZS CISA has added a high-severity vulnerability affecting the Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-66376, thi
@f1tym1
19 Mar 2026
121 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-66376 ⚠️ Zimbra Collaboration Suite – Actively Exploited XSS (CISA KEV) CISA has added CVE-2025-66376 to its KEV catalogue following evidence of active exploitation impacting Synacor Zimbra Collaboration Suite deployments. The flaw is a stored cross-site sc
@modat_magnify
19 Mar 2026
148 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Zimbraの脆弱性が悪用され、メールを開くだけで情報が盗まれる攻撃が確認された。HTMLメールに仕込まれたスクリプトが動作し、政府機関を狙う高度なスパイ活動に発展している。 問題はCVE-2025-66376として追
@yousukezan
19 Mar 2026
1428 Impressions
2 Retweets
9 Likes
5 Bookmarks
0 Replies
0 Quotes
Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376 https://t.co/346f1FjgYY
@hackplayers
19 Mar 2026
333 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376: Russian APT exploits a critical XSS flaw in Zimbra, tracked as CVE-2025-66376, running scripts via HTML emails to target users in Ukraine. Russia-linked threat actor exploits a high-severity… https://t.co/0GIp9Z1CO
@shah_sheikh
19 Mar 2026
120 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[Security Affairs] Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376. Russian APT exploits a critical XSS flaw in Zimbra, tracked as CVE-2025-66376, running scripts via HTML emails to target users in Ukraine. Russia-linked threat actor... https://t.co/uQaezOelEF
@shah_sheikh
19 Mar 2026
119 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New KEV alert. CISA adds Zimbra XSS flaw (CVE-2025-66376). Actively exploited. Patch priority = critical. Follow @TechNadu Thoughts? #CyberSecurity https://t.co/J95yjv4b8g
@TechNadu
19 Mar 2026
147 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Russian #APT targets Ukraine via #Zimbra XSS flaw CVE-2025-66376 https://t.co/PJLZy5bjVR #securityaffairs #hacking #Russia @Seqrite
@securityaffairs
19 Mar 2026
392 Impressions
4 Retweets
7 Likes
1 Bookmark
1 Reply
0 Quotes
csirt_it: ‼️ #Exploited: rilevato lo sfruttamento attivo in rete della vulnerabilità CVE-2025-66376, che interessa #ZimbraCollaborationSuite #ZCS Rischio: 🟠 Tipologia: 🔸 Security Restrictions Bypass 🔗https://t.co/kTtchINRxv ⚠️ Importante mantenere… https:/
@Vulcanux_
19 Mar 2026
108 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
‼️ #Exploited: rilevato lo sfruttamento attivo in rete della vulnerabilità CVE-2025-66376, che interessa #ZimbraCollaborationSuite #ZCS Rischio: 🟠 Tipologia: 🔸 Security Restrictions Bypass 🔗https://t.co/gKytSHhS36 ⚠️ Importante mantenere aggiornati i sistemi
@csirt_it
19 Mar 2026
224 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Rus Hackerlar Zimbra Açığı ile Ukrayna Denizcilik Ajansı'nı Hackledi APT28, CVE-2025-66376 XSS açığını kullanarak e-posta gövdesine exploit gömdü. 90 günlük posta verisi çalındı. #APT28 #Zimbra #Ukrayna 🔗 https://t.co/HvBpiAjqER
@shtc_social
19 Mar 2026
125 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Atenção! A vulnerabilidade CVE-2025-66376 no Synacor Zimbra Collaboration Suite permite XSS via CSS @import em emails. Aplique as mitigações recomendadas pelo fornecedor ou descontinue o uso do produto. Prazo até 01/04/2026! #CyberSecurity #InfoSec #CVE
@fernandokarl
19 Mar 2026
111 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Falha crítica no Zimbra (CVE-2025-66376): CISA emite alerta urgente https://t.co/qJi8KBenRC
@SempreUpdate
19 Mar 2026
122 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA orders U.S. agencies to patch actively exploited Zimbra XSS bug CVE-2025-66376 by April 1, 2026. Flaw enables remote JavaScript via malicious emails. #XSS https://t.co/7E9OTCR5LL
@threatcluster
19 Mar 2026
111 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google warns iPhone users about a new exploit kit used by spyware vendors and suspected state actors to plant info-stealing malware. CISA adds CVE-2025-66376 affecting Synacor Zimbra Collabora to its Known Exploited Vulnerabilities Catalog due to active exploitation.
@NewsNerdie
19 Mar 2026
110 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 أصدرت CISA تحذيرًا بتطبيق التصحيحات لثغرتين في Zimbra Collaboration Suite وSharePoint، إذ استُغلتا فعليًا في العالم الحقيقي. تشمل الثغرات CVE-2025-66376 (CVSS 7.2) ثغرة XSS مخزنة، إض
@Cybercachear
19 Mar 2026
124 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
👁️FBIが米国民の位置情報データを購入、長官認める ⚠️米CISA、ZimbraのXSS脆弱性に対処すべくパッチ適用を指示(CVE-2025-66376) 〜サイバーアラート3月19日〜 https://t.co/TzjnogP0fN
@MachinaRecord
19 Mar 2026
151 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
米国CISAが悪用を確認した脆弱性 #KEV をカタログに追加しました。(3/18追加) 🛡️No.1545 CVE-2025-66376 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability ✅概要 ・深刻度:重要⚠️ 7.2 (CVSS Base) / MITRE (CNA)
@piyokango
19 Mar 2026
3332 Impressions
1 Retweet
6 Likes
0 Bookmarks
0 Replies
1 Quote
CISA adds actively exploited Microsoft SharePoint RCE (CVE-2026-20963) and Zimbra XSS (CVE-2025-66376) to its KEV catalog. Update your systems immediately. #CISA #KEVCatalog #SharePoint #Zimbra #CyberSecurity #InfoSec #CVE #RCE #Vulnerability #PatchAlert https://t.co/ovtcE5to4p
@the_yellow_fall
19 Mar 2026
634 Impressions
2 Retweets
5 Likes
2 Bookmarks
0 Replies
1 Quote
🚨CISA adds exploited SharePoint and Zimbra flaws to KEV catalog CISA added CVE-2026-20963 in Microsoft SharePoint and CVE-2025-66376 in Zimbra Collaboration Suite to its Known Exploited Vulnerabilities catalog, confirming in-the-wild exploitation and setting federal remediatio
@ThreatSynop
19 Mar 2026
224 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログに、SharePoint ServerのCVE-2026-20963とZimbraのCVE-2025-66376を別々に追加。対処期限はSharePointが緊急の3/21、Zimbraが通常の4/1。ラ
@__kokumoto
19 Mar 2026
871 Impressions
0 Retweets
1 Like
2 Bookmarks
1 Reply
0 Quotes
CISA mandates federal agencies to patch Zimbra Collaboration Suite servers by April 1 due to active exploitation of a stored XSS flaw via CSS @import in HTML emails (CVE-2025-66376). #ZimbraFlaw #USFed #XSSVulnerability https://t.co/51418eAjyA
@TweetThreatNews
18 Mar 2026
222 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ACTIVE EXPLOITATION: CISA orders federal agencies to patch Zimbra XSS flaw CVE-2025-66376 after attacks in the wild. The vulnerability affects Zimbra Collaboration Suite and can be triggered through malicious HTML email content in the Classic UI. Email platforms remain a
@CyberAlertsHQ
18 Mar 2026
120 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE Alert: CVE-2025-66376 - Zimbra - Collaboration - https://t.co/LWb0ikShDs #OSINT #ThreatIntel #CyberSecurity #cve-2025-66376 #zimbra #collaboration
@RedPacketSec
18 Mar 2026
151 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISAは、Zimbra Collaborationのstored XSS脆弱性 CVE-2025-66376 をKEVに追加し、連邦機関に優先対応を求めた。重要なのは、単なる理論上のXSSではなく、実際に悪用が確認されている点。 この脆弱性は、Classic UIでHTMLメ
@01ra66it
18 Mar 2026
271 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 CISA: Zimbra XSS Açığını Yamayın Federal kurumlara 1 Nisan'a kadar yama emri. CVE-2025-66376 aktif sömürülüyor. #CISA #Zimbra #SiberGüvenlik 🔗 https://t.co/2opFdZYYUQ
@shtc_social
18 Mar 2026
133 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼️CISA has added 2 vulnerabilities to the KEV Catalog https://t.co/9idGUAHIKd CVE-2025-66376: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability. CVSS: 7.1 CVE-2026-20963: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability. CVSS:
@DarkWebInformer
18 Mar 2026
3667 Impressions
6 Retweets
17 Likes
5 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D423DB3-FCD4-445F-A778-BC5F83E01953",
"versionEndExcluding": "10.0.18",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C3F6B1E-1671-461B-A093-7B6854C227FE",
"versionEndExcluding": "10.1.13",
"versionStartIncluding": "10.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]