CVE-2025-66376 | CVSS 7.2 | HIGH
The vulnerability is rated HIGH severity because of its potential for remote code execution and because it has been actively exploited by state-sponsored actors targeting Ukraine. Fixed Zimbra releases are available, but organizations running older versions remain exposed until they apply the updates.

A Russian state-sponsored threat actor has exploited a high-severity Cross-Site Scripting (XSS) vulnerability in Zimbra Collaboration's Classic UI, targeting entities in Ukraine. The flaw, identified as CVE-2025-66376 with a CVSS score of 7.2, affects 10.1.x releases before 10.1.13 and 10.0.x releases before 10.0.18. The XSS arises from insufficient sanitization of Cascading Style Sheets (CSS) @import directives in HTML email messages: an attacker can reference external resources or inject inline script that executes when the recipient opens the email in a browser. Successful exploitation can lead to remote code execution (RCE), enabling threat actors to compromise user email accounts and the broader Zimbra environment. CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog and urges immediate patching because of the active exploitation.
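As an added illustration of the mechanism described above (example code, not Zimbra's code or its fix), the following heuristic finds CSS @import directives inside the <style> blocks of an HTML email body and strips them, which is the kind of check a mail gateway or a triage script could run over suspect messages. The sample message is constructed; the regex covers the common @import syntaxes but is not a full CSS tokenizer.

```python
import re
from html.parser import HTMLParser

# Matches the usual @import forms: @import "x.css"; @import 'x.css';
# @import url(x.css); @import url("x.css") screen;  (case-insensitive)
IMPORT_RE = re.compile(r"""@import\s+(?:url\(\s*)?["']?([^"')\s;]+)""", re.IGNORECASE)


class _StyleCollector(HTMLParser):
    """Collects the raw text of every <style> element in an HTML document."""

    def __init__(self):
        super().__init__()
        self.in_style = False
        self.sheets = []

    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self.in_style = True

    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False

    def handle_data(self, data):
        if self.in_style:
            self.sheets.append(data)


def find_css_imports(html):
    """Return the @import targets referenced from <style> blocks, in document order."""
    parser = _StyleCollector()
    parser.feed(html)
    parser.close()
    return [m.group(1) for css in parser.sheets for m in IMPORT_RE.finditer(css)]


def strip_css_imports(css):
    """Remove every @import rule (through its terminating ';') from a CSS string."""
    return re.sub(r"@import\b[^;]*;?", "", css, flags=re.IGNORECASE)


def sanitize_style_blocks(html):
    """Rewrite each <style> block so that it no longer contains @import rules."""
    return re.sub(r"(<style\b[^>]*>)(.*?)(</style>)",
                  lambda m: m.group(1) + strip_css_imports(m.group(2)) + m.group(3),
                  html, flags=re.IGNORECASE | re.DOTALL)


# Constructed sample email body (not a real message); the .invalid TLD never resolves.
SAMPLE_EMAIL_HTML = """<html><head><style>
  @import url("https://mail-assets.example.invalid/theme.css");
  @IMPORT 'relative/base.css' screen;
  body { font-family: sans-serif; }
</style></head><body><p style="color:#333">Quarterly report attached.</p></body></html>"""
```

Comment-obfuscated or otherwise malformed rules that a browser's CSS parser still accepts can slip past a regex, so a production filter should tokenize the CSS properly rather than rely on this heuristic.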

Affected Systems
  • Zimbra Collaboration Suite Classic UI
  • Affected Versions: 10.1.x releases before 10.1.13 and 10.0.x releases before 10.0.18
Remediation
  • Upgrade to Zimbra 10.1.13 or later on the 10.1 line, or 10.0.18 or later on the 10.0 line.
  • Run the following command to update: sudo apt-get update && sudo apt-get install zimbra-core
  • Verify the installed version with: zmcontrol -v
Stack Impact
Homelab environments using Zimbra Collaboration Suite Classic UI may be vulnerable if they run outdated versions. Configuration files such as /opt/zimbra/conf/localconfig.xml should be reviewed for necessary updates.
