Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability — CVE-2025-66376
CISA-KEV · Synacor · CVE-2025-66376
ID
CVE-2025-66376
CVE-2025-66376
Date
Updated
Activity
Source
CISA-KEV
CISA-KEV
Vendor
Synacor
Synacor
Threat
high
high
Exploited
Yes
Yes
Summary
CVE-2025-66376 is a advisory from CISA-KEV. Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability Vendor: Synacor. Severity/Threat: high. This item is marked as actively exploited. Source updated on 2026-03-18.
Product
Zimbra Collaboration Suite (ZCS)
What to do
General, cautious steps (verify details in the official source):
- Prioritize patching or mitigation immediately (treat as actively risky).
- Identify affected product versions in your inventory and verify whether you are impacted.
- Apply vendor patches/updates or recommended mitigations as soon as available.
- Check logs/telemetry for indicators of compromise and suspicious activity.
- Consider temporary hardening: restrict access, reduce attack surface, and monitor aggressively.
- Read the official advisory for exact affected versions and remediation steps.