Tracked as CVE-2025-66376, this security flaw is being actively exploited in the wild. Organizations running Zimbra must urgently prioritize remediation to prevent unauthorized access and potential data compromise.
The vulnerability is a stored cross-site scripting (XSS) issue in the Classic User Interface of the Zimbra Collaboration Suite.
Threat actors can exploit this weakness by sending specially crafted HTML emails. The attack relies on abusing Cascading Style Sheets (CSS) @import directives embedded directly within the HTML body of the email.
When a target opens the malicious message in the Classic UI, the embedded scripts run automatically in the context of the user’s active session.
This execution bypasses standard security boundaries, allowing attackers to potentially harvest session cookies, access sensitive email data, or execute unauthorized commands on behalf of the victim.
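The patch (and the upgraded AntiSamy library) is the fix; the following is an added, defender-side triage check that is not part of the article or of Zimbra, and it looks for the CSS @import directives described above in an HTML email body, tolerating CSS comments, the CSS hex escape for "@" and HTML character references. Function names and sample inputs are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Case-insensitive match for an @import at-rule after normalisation below.
IMPORT_RE = re.compile(r"@import\b", re.IGNORECASE)
CSS_COMMENT_RE = re.compile(r"/\*.*?\*/", re.DOTALL)
# \40 (optionally zero-padded, optionally followed by one whitespace) is the CSS escape for '@'.
AT_ESCAPE_RE = re.compile(r"\\0{0,4}40\s?", re.IGNORECASE)


def normalise_css(css: str) -> str:
    """Strip CSS comments and decode the escaped form of '@' so evasions still match."""
    css = CSS_COMMENT_RE.sub("", css)
    return AT_ESCAPE_RE.sub("@", css)


class StyleCollector(HTMLParser):
    """Collect <style> block contents and inline style="" attribute values.

    html.parser hands <style> contents to handle_data verbatim (CDATA), while
    entities inside attribute values (e.g. &#64;) are decoded, which mirrors
    what a browser would see in each location.
    """

    def __init__(self):
        super().__init__()
        self.chunks = []  # (location, css_text)
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self._in_style = True
        for name, value in attrs:
            if name == "style" and value:
                self.chunks.append(("inline", value))

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            self.chunks.append(("style-block", data))


def find_css_imports(html: str) -> list:
    """Return the locations ('style-block' / 'inline') where an @import directive appears."""
    parser = StyleCollector()
    parser.feed(html)
    parser.close()
    return [where for where, css in parser.chunks if IMPORT_RE.search(normalise_css(css))]
```

A message flagged by this check warrants quarantine and review; a clean result does not prove the mail is safe, since only a patched sanitizer covers the full attack surface.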
While it remains unknown whether this exploit is tied to ongoing ransomware campaigns, its ease of delivery via email makes it a critical threat.
Zimbra addressed this vulnerability in recent patch releases, specifically versions 10.1.13 and 10.0.18. Applying the patch fully mitigates the stored XSS vulnerability. As part of the security overhaul, Zimbra also upgraded the AntiSamy security library to version 1.7.8 and removed outdated, risky code from the platform.
Beyond security fixes, the 10.1.13 update delivers substantial user experience and performance enhancements. Administrators benefit from improved TLS handling, optimized memory management, and faster loading of email threads.
End-users gain a refined Modern Web App experience, featuring improved drag-and-drop file management, reliable copy-paste formatting from Microsoft Office, and enhanced tag organization.
Additionally, the update ensures compatibility with Outlook 2024 and maintains support for Legacy Exchange Web Services (EWS).
In response to the active exploitation, CISA has mandated that all Federal Civilian Executive Branch (FCEB) agencies apply the necessary Zimbra patches by April 1, 2026.
Private organizations are strongly encouraged to follow this same deadline. If applying the patch is not possible, CISA recommends discontinuing the use of the vulnerable product immediately.
System administrators must also note that Zimbra version 10.0 officially reached its End of Life (EOL) on December 31, 2025.
Organizations still operating on the 10.0 release cycle must plan an immediate migration to Zimbra 10.1 to maintain security compliance.
Operating on an EOL platform will leave infrastructure permanently exposed to future unpatched vulnerabilities.
The post CISA Warns of Zimbra Collaboration Suite Vulnerability Exploited in Attacks appeared first on Cyber Security News.