COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2025-66376

CVE-2025-66376

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-03-18
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-66376
⌖ exploited in the wild shame 65/100 exploited-in-wildransomwareunpatched

Synacor ZCS Classic UI XSS via CSS @import in email HTML is actively exploited and linked to ransomware campaigns.

Attackers can inject malicious CSS to execute scripts in the Zimbra Classic UI email interface, enabling credential theft or lateral movement. DIB orgs must patch immediately as this is an actively exploited vulnerability with no disclosed FCA settlement, indicating widespread, avoidable exposure.

Shame score — Active exploitation of a known vulnerability in a widely deployed collaboration suite without a disclosed FCA settlement suggests prolonged neglect or insufficient vendor response.

Players implicated

Synacor · vendorZimbra Collaboration Suite (ZCS) · product

Description

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets (CSS) @import directives in email HTML.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.