CISA Warns of Zimbra Collaboration Suite Vulnerability Exploited in Attacks
Cyber Security News, archived Mar 19, 2026
CISA has added a high-severity vulnerability affecting the Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog.
Tracked as CVE-2025-66376, this security flaw is currently facing active exploitation in the wild. Organizations utilizing Zimbra must urgently prioritize remediation to prevent unauthorized access and potential data compromise.
The vulnerability is a stored cross-site scripting (XSS) issue in the Classic User Interface of the Zimbra Collaboration Suite.
Threat actors can exploit this weakness by sending a crafted email whose HTML body carries specially formatted content. The attack relies on abusing Cascading Style Sheets (CSS) @import directives embedded directly within the HTML body of the message.
When a target opens the malicious message in the Classic UI, the embedded script runs automatically in the context of the user's active session.
Because it executes inside the victim's authenticated session, the script bypasses the normal trust boundary of the mail client, allowing an attacker to potentially harvest session cookies, read sensitive email data, or perform unauthorized actions on behalf of the victim.
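The indicator the advisory describes is a CSS @import rule inside the HTML body of a message. The following check, added here as an example and not code from Zimbra or CISA, is the kind of first-pass triage a mail gateway or mailbox scan could run to surface messages that carry that indicator in either a `<style>` element or an inline `style=` attribute. The sample messages are constructed; the URLs in them are placeholders.

```python
"""Flag HTML e-mail bodies that carry CSS @import directives.

Added example (not Zimbra or CISA code). It surfaces messages that carry
the indicator named in the advisory (CSS @import inside the HTML body);
it does not decide whether a message is actually exploitable.
"""
import re
from html.parser import HTMLParser

# @import is written either as "@import url(...)" or "@import '...'" / "@import "..."".
IMPORT_RE = re.compile(r"@import\s+(?:url\(|['\"])", re.IGNORECASE)


class CssImportFinder(HTMLParser):
    """Collect @import occurrences from <style> blocks and style= attributes."""

    def __init__(self):
        # convert_charrefs=True decodes entity-encoded attribute values
        # (e.g. "&#64;import") before we inspect them.
        super().__init__(convert_charrefs=True)
        self.in_style = False
        self.findings = []  # list of (where, tag) tuples

    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self.in_style = True
        for name, value in attrs:
            if name == "style" and value and IMPORT_RE.search(value):
                self.findings.append(("style-attribute", tag))

    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False

    def handle_data(self, data):
        # html.parser delivers <style> content raw, so the rule text arrives here.
        if self.in_style and IMPORT_RE.search(data):
            self.findings.append(("style-element", "style"))


def find_css_imports(html_body):
    """Return every @import location found in one HTML body."""
    parser = CssImportFinder()
    parser.feed(html_body)
    parser.close()
    return parser.findings


# Constructed sample bodies; example.invalid is a reserved placeholder domain.
SAMPLE_MESSAGES = {
    "benign": "<html><body><p>Quarterly report attached.</p></body></html>",
    "style-block": (
        "<html><head><style>@import url(\"https://example.invalid/x.css\");"
        "</style></head><body>hello</body></html>"
    ),
    "inline-attr": (
        "<div style=\"@import 'https://example.invalid/y.css'; color: red\">"
        "hello</div>"
    ),
}


def scan_messages(messages):
    """Map message name -> number of @import findings, for batch triage."""
    return {name: len(find_css_imports(body)) for name, body in messages.items()}


if __name__ == "__main__":
    for name, count in scan_messages(SAMPLE_MESSAGES).items():
        print(f"{name}: {count} @import finding(s)")
```

A match is a triage signal, not a verdict: CSS escape sequences and other obfuscation can evade a plain regex, so a hit should route the message to the patched mail client or to an analyst rather than stand in for applying the 10.1.13 / 10.0.18 update.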
While it remains unknown whether this exploit is tied to ongoing ransomware campaigns, its ease of delivery via email makes it a critical threat.
Zimbra addressed this vulnerability in recent patch releases, specifically versions 10.1.13 and 10.0.18. Applying the patch fully mitigates the stored XSS vulnerability. As part of the security overhaul, Zimbra also upgraded the AntiSamy security library to version 1.7.8 and removed outdated, risky code from the platform.
Beyond security fixes, the 10.1.13 update delivers substantial user experience and performance enhancements. Administrators benefit from improved TLS handling, optimized memory management, and faster loading of email threads.
End-users gain a refined Modern Web App experience, featuring improved drag-and-drop file management, reliable copy-paste formatting from Microsoft Office, and enhanced tag organization.
Additionally, the update ensures compatibility with Outlook 2024 and maintains support for Legacy Exchange Web Services (EWS).
CISA Mandate and EOL Warning
In response to the active exploitation, CISA has mandated that all Federal Civilian Executive Branch (FCEB) agencies apply the necessary Zimbra patches by April 1, 2026.
Private organizations are strongly encouraged to follow this same deadline. If applying the patch is not possible, CISA recommends discontinuing the use of the vulnerable product immediately.
System administrators must also note that Zimbra version 10.0 officially reached its End of Life (EOL) on December 31, 2025.
Organizations still operating on the 10.0 release cycle must plan an immediate migration to Zimbra 10.1 to maintain security compliance.
Operating on an EOL platform will leave infrastructure permanently exposed to future unpatched vulnerabilities.
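Two facts from this article drive remediation triage: the fixed releases are 10.1.13 and 10.0.18, and the 10.0 branch reached End of Life on December 31, 2025. The script below, an added example rather than Zimbra or CISA tooling, combines both into a single status per host so that an inventory can be sorted into "patched", "still vulnerable", and "patched but on an EOL branch". The version-string format (a `major.minor.patch` prefix, optionally followed by a `_`-separated build suffix) and the sample inventory are assumptions made for the example.

```python
"""Triage Zimbra version strings against the fixes named in the advisory.

Added example (not Zimbra or CISA code). Fixed versions (10.1.13, 10.0.18)
and the 10.0 EOL date (2025-12-31) are taken from the article; the version
string format and the inventory are constructed assumptions.
"""
from datetime import date

# Minimum fixed version per supported branch, per the advisory.
FIXED_VERSIONS = {(10, 1): (10, 1, 13), (10, 0): (10, 0, 18)}
# Branches that have reached End of Life, with their EOL date.
EOL_DATES = {(10, 0): date(2025, 12, 31)}
# Date the article was archived; used as a deterministic "today" below.
ADVISORY_DATE = date(2026, 3, 19)


def parse_version(version_str):
    """Return the leading (major, minor, patch) tuple.

    Assumes strings such as "10.1.12" or "10.1.12_GA_1234" (suffix format is
    a placeholder assumption); anything non-numeric raises ValueError.
    """
    numeric = version_str.strip().split("_")[0]
    parts = numeric.split(".")
    if len(parts) < 3:
        raise ValueError(f"unrecognised version string: {version_str!r}")
    return tuple(int(p) for p in parts[:3])


def triage(version_str, today=None):
    """Return a list of status tags for one installed version."""
    today = today or date.today()
    version = parse_version(version_str)
    branch = version[:2]
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        return ["unknown-branch"]
    tags = ["vulnerable-CVE-2025-66376" if version < fixed else "patched"]
    if branch in EOL_DATES and today > EOL_DATES[branch]:
        tags.append("eol-branch")
    return tags


# Constructed sample inventory: hostname -> reported version string.
SAMPLE_INVENTORY = {
    "mail-a.example.invalid": "10.1.12_GA_1234",
    "mail-b.example.invalid": "10.1.13_GA_1240",
    "mail-c.example.invalid": "10.0.17_GA_1100",
    "mail-d.example.invalid": "10.0.18_GA_1105",
}


def triage_inventory(inventory, today=None):
    """Map hostname -> status tags for a whole inventory."""
    return {host: triage(ver, today) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, tags in triage_inventory(SAMPLE_INVENTORY, ADVISORY_DATE).items():
        print(f"{host}: {', '.join(tags)}")
```

Hosts tagged "patched" together with "eol-branch" are the ones the article's migration guidance targets: they are no longer exposed to this CVE, but they will receive no fixes for the next one, so they belong on the 10.1 migration list even though they need no action for CVE-2025-66376 itself.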