Stored XSS Vulnerability in Zimbra Collaboration by Zimbra
CVE-2025-66376
Key Information:
- Vendor: Zimbra
- Status: Vendor
- CVE Published: 5 January 2026
What is CVE-2025-66376?
CVE-2025-66376 is a stored cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS), affecting versions 10 prior to 10.0.18 and 10.1 prior to 10.1.13. Zimbra Collaboration is an open-source platform primarily used for email hosting and collaboration, offering email, calendar, and file-sharing tools. The vulnerability is triggered by crafted HTML email messages that contain Cascading Style Sheets (CSS) @import directives, allowing an attacker to execute arbitrary script in the context of the recipient's browser session simply by having the message rendered. Such a compromise can lead to the theft of sensitive user information, unauthorized actions performed on behalf of the user, or the delivery of further malicious payloads.
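As an added defender-side example (not Zimbra's code and not the vendor fix described on this page), the following Python rewrites an HTML email body before it reaches a webmail client, stripping CSS @import rules from both <style> blocks and inline style attributes and recording each removal so a mail gateway can flag the message. All names and the sample inputs are constructed for this illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Matches an @import rule (case-insensitive) up to its terminating ';'.
# Constructed for this example; it is not Zimbra's own filter.
IMPORT_RE = re.compile(r"@import\b[^;]*;?", re.IGNORECASE)

class ImportStripper(HTMLParser):
    """Re-emit an HTML body with @import rules removed from <style> blocks
    and inline style attributes, recording each removal in self.findings."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []        # rewritten HTML fragments
        self.findings = []   # one note per stripped @import
        self._in_style = False
    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"
        self.out.append(self._render(tag, attrs))
    def handle_startendtag(self, tag, attrs):
        self.out.append(self._render(tag, attrs, self_closing=True))
    def handle_endtag(self, tag):
        self._in_style = self._in_style and tag != "style"
        self.out.append(f"</{tag}>")
    def handle_data(self, data):
        # Text inside <style> arrives here raw (HTMLParser CDATA mode).
        if self._in_style and IMPORT_RE.search(data):
            self.findings.append("@import in <style> block")
            data = IMPORT_RE.sub("", data)
        self.out.append(data)
    # Pass entities, numeric references and <!DOCTYPE> through untouched.
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")
    def handle_decl(self, decl): self.out.append(f"<!{decl}>")
    def _render(self, tag, attrs, self_closing=False):
        parts = [tag]
        for name, value in attrs:
            if name == "style" and value and IMPORT_RE.search(value):
                self.findings.append(f"@import in style attribute of <{tag}>")
                value = IMPORT_RE.sub("", value)
            parts.append(name if value is None else f'{name}="{escape(value)}"')
        return "<" + " ".join(parts) + (" />" if self_closing else ">")

def sanitize_email_html(html):
    """Return (cleaned_html, findings) for one HTML e-mail body."""
    parser = ImportStripper()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.findings
```

The pattern does not decode CSS escape sequences (a browser reads `@\69mport` as `@import`), so a production filter should normalise CSS escapes first or drop `<style>` content entirely; in any case the fix for this CVE is upgrading to the patched Zimbra versions listed on this page.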
Potential impact of CVE-2025-66376
- Data Leakage: Exploitation of this vulnerability permits attackers to access sensitive information stored in the user's session or browser, potentially leading to data breaches and unauthorized access to confidential communications.
- Account Compromise: By executing scripts through the stored XSS, attackers could manipulate user sessions, allowing them to perform actions as authenticated users, which may include changing account settings or sending emails without the user's consent.
- Malware Propagation: Successful exploitation could be leveraged to distribute malware or phishing attempts to other users, compounding the risk of infection and increasing the attack surface of the organization as more users may fall victim to follow-up attacks.
CISA has reported CVE-2025-66376
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-66376 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.
CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)
- Collaboration 10.0 < 10.0.18
- Collaboration 10.1 < 10.1.13
News Articles
Russian hackers exploit Zimbra flaw in Ukrainian govt attacks
Hackers part of APT28, a state-backed threat group linked to Russia's military intelligence service (GRU), are exploiting a Zimbra Collaboration Suite (ZCS) vulnerability in attacks targeting Ukrainian government entities.
3 days ago
Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376
Russian APT exploits a critical XSS flaw in Zimbra, tracked as CVE-2025-66376, running scripts via HTML emails to target users in Ukraine.
3 days ago
EPSS Score
11% chance of being exploited in the next 30 days.
Timeline
- 💰 Used in Ransomware
- 👾 Exploit known to exist
- 🦅 CISA Reported
- 📰 First article discovered by BleepingComputer
- Vulnerability published
- Vulnerability Reserved
