Vulnerability Details CVE-2025-66376
Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.9%
CVSS Severity
CVSS v3 Score 7.2
Proposed Action
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets (CSS) @import directives in email HTML.
Ransomware Campaign
Unknown
References
- https://wiki.zimbra.com/wiki/Security_Center
- https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.18#Security_Fixes
- https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.13#Security_Fixes
- https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
- https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-66376
Products affected by CVE-2025-66376
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.0
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.1
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.10
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.11
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.12
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.13
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.14
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.15
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.16
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.17
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.2
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.3
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.4
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.5
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.6
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.7
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.8
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.0.9
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.0
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.1
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.10
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.11
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.12
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.2
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.3
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.4
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.5
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.6
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.7
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.8
-
cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.9