VulnerabilitiesCritical
CVE-2025-66376: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability
Thursday, March 19, 2026
Global
CISA KEV - CVE-2025-66376
Summary
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets (CSS) @import directives in email HTML.
Threat Analysis
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets (CSS) @import directives in email HTML. This vulnerability is actively exploited in the wild according to CISA. Vendor: Synacor. Product: Zimbra Collaboration Suite (ZCS). Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.. Due Date: 2026-04-01.
Last updated: Mar 19, 2026, 09:20 AM