CISA Added Zimbra Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2025-66376)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned organizations and users about active exploitation of a vulnerability impacting Synacor Zimbra Collaboration Suite (ZCS). CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch before April 1, 2026. CISA also warned users to follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

The vulnerability, tracked as CVE-2025-66376, was patched by Synacor in November 2025.

Zimbra Collaboration Suite (ZCS) is an open-source, enterprise-grade email and collaboration platform that provides email, calendaring, file sharing, and task management. It serves hundreds of millions of users globally, offering flexible deployment options—on-premises, cloud, or hybrid—making it a popular alternative to Microsoft Exchange and Google Workspace, especially for organizations requiring high data sovereignty and security.

The vulnerability is a cross-site scripting flaw in the Classic UI of ZCS, arising from the handling of Cascading Style Sheets (CSS) @import directives in email HTML. An attacker could abuse such directives in the HTML body of an email to exploit it.
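As an added illustration, not Zimbra's patch or code from this advisory, the following Python sanitizer shows the defensive counterpart to the mechanism described above: it strips CSS @import rules from `<style>` blocks and inline `style=""` attributes of inbound email HTML before the message is rendered. The regex, the sanitizer class and the sample message body are assumptions constructed for this example.

```python
import re
from html import escape
from html.parser import HTMLParser

# A CSS @import rule in any syntax: url(...), "..." or '...', plus an optional media query up to ';'.
IMPORT_RULE = re.compile(r"""@import\s*(?:url\([^)]*\)|"[^"]*"|'[^']*')[^;]*;?""", re.IGNORECASE)

class EmailHtmlSanitizer(HTMLParser):
    """Re-emit HTML, removing @import rules from <style> blocks and style="" attributes."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.in_style, self.removed = [], False, 0

    def _clean(self, css):
        self.removed += len(IMPORT_RULE.findall(css))
        return IMPORT_RULE.sub("", css)

    def handle_starttag(self, tag, attrs):
        self.in_style = self.in_style or tag == "style"
        parts = [tag]
        for name, value in attrs:  # values arrive entity-decoded, so an encoded "@" is caught too
            if value is None:
                parts.append(name)
                continue
            if name == "style":
                value = self._clean(value)
            parts.append(f'{name}="{escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + ">")

    def handle_endtag(self, tag):
        self.in_style = self.in_style and tag != "style"
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # <style> contents arrive as one raw CDATA chunk; ordinary text arrives decoded and is re-escaped
        self.out.append(self._clean(data) if self.in_style else escape(data, quote=False))

def sanitize_email_html(html):
    """Return (sanitized HTML, number of @import rules removed)."""
    parser = EmailHtmlSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.removed

# Constructed sample message body (not a real email); example.invalid is a reserved domain.
SAMPLE_EMAIL_HTML = (
    '<html><body><style>@import url("http://example.invalid/x.css"); p { color: red }</style>'
    "<p style=\"@IMPORT 'http://example.invalid/y.css' screen; color: blue\">Hi &amp; bye</p>"
    "</body></html>"
)
```

The returned count is useful as a detection signal: a mail flow that logs every message whose count is non-zero surfaces senders abusing @import in email HTML without blocking legitimate styled mail.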

Affected Versions

The vulnerability affects the following Zimbra Collaboration Suite versions:

  • Zimbra Collaboration Suite versions before 10.1.13
  • Zimbra Collaboration Suite versions before 10.0.18

Mitigation

The vendor released updates to patch the vulnerability.

For more information, please refer to the Zimbra Security Advisory.

Qualys Detection

Qualys customers can scan their devices with QIDs 386229 and 530807 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories