NVD - CVE-2025-66376
Change History
6 change records found
CVE Modified by CISA-ADP 6/17/2026 5:56:44 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | SSVC | | {"timestamp":"2026-03-17T00:00:00+00:00","id":"CVE-2025-66376","options":[{"exploitation":"active"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"} |
CVE Modified by MITRE 6/17/2026 5:56:44 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Affected | | [{"vendor":"Zimbra","product":"Collaboration","defaultStatus":"unaffected","versions":[{"version":"10.0","lessThan":"10.0.18","versionType":"custom","status":"affected"},{"version":"10.1","lessThan":"10.1.13","versionType":"custom","status":"affected"}]}] |
Initial Analysis by NIST 3/18/2026 4:13:37 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CVSS V3.1 | | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Added | CPE Configuration | | OR: cpe:2.3:a:synacor:zimbra_collaboration_suite:\*:\*:\*:\*:\*:\*:\*:\* versions from (including) 10.0.0 up to (excluding) 10.0.18; cpe:2.3:a:synacor:zimbra_collaboration_suite:\*:\*:\*:\*:\*:\*:\*:\* versions from (including) 10.1.0 up to (excluding) 10.1.13 |
| Added | Reference Type | | CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-66376 Types: US Government Resource |
| Added | Reference Type | | MITRE: https://wiki.zimbra.com/wiki/Security_Center Types: Release Notes, Vendor Advisory |
| Added | Reference Type | | MITRE: https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.18#Security_Fixes Types: Release Notes |
| Added | Reference Type | | MITRE: https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.13#Security_Fixes Types: Release Notes |
| Added | Reference Type | | MITRE: https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy Types: Product |
| Added | Reference Type | | MITRE: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories Types: Vendor Advisory |
CVE CISA KEV Update by Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government 3/18/2026 3:00:02 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Date Added | | 2026-03-18 |
| Added | Due Date | | 2026-04-01 |
| Added | Required Action | | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. |
| Added | Vulnerability Name | | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability |
CVE Modified by CISA-ADP 3/18/2026 1:16:04 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-66376 |
New CVE Received from MITRE 1/05/2026 10:15:44 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | | Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message. |
| Added | CVSS V3.1 | | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
| Added | CWE | | CWE-79 |
| Added | Reference | | https://wiki.zimbra.com/wiki/Security_Center |
| Added | Reference | | https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.18#Security_Fixes |
| Added | Reference | | https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.13#Security_Fixes |
| Added | Reference | | https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy |
| Added | Reference | | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories |