CVE-2025-66376 — Synacor Zimbra Collaboration Suite (ZCS): Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability

March 18, 2026 14:00 /HIGH

CISA KEV vulnerabilitycvecisa-kevactively-exploited

CVE-2025-66376 — Synacor Zimbra Collaboration Suite (ZCS): Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability

Image via

CVE-2025-66376 — Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets (CSS) @import directives in email HTML.

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

What This Means For You

CISA has confirmed active exploitation — immediate patching required.
Added to CISA KEV catalog — federal agencies must remediate by 2026-04-01.

Indicators of Compromise

ID	Type	Indicator
CVE-2025-66376	XSS	Synacor Zimbra Collaboration Suite (ZCS) Classic UI, abuse of CSS @import directives in email HTML

Source & Attribution

Source Platform	CISA
Channel	CISA KEV
Channel ID	cisa-kev
Message ID	202566376
Published	March 18, 2026 at 14:00 UTC
Original Link	https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

Found this interesting? Follow us on LinkedIn to stay ahead.

Follow Shimi Cohen Follow Shimi's Cyber World