CVE-2025-66376 – Zimbra Collaboration – Active Exploitation Remote Access

CVSS 7.2 IMPORTANT

“When email systems are exposed, attackers gain a direct line into the business.”

Zimbra Collaboration patched a high-severity vulnerability that allows attackers to gain unauthorized access to the platform, potentially exposing sensitive communications and administrative controls. The issue affects core collaboration services, increasing the risk of data compromise and account takeover.

CVE-2025-66376 has a CVSS score of 7.2, which is High severity. The vulnerability can be exploited remotely and poses a significant threat to organizations relying on Zimbra for email and collaboration workflows.

This vulnerability is actively exploited in the wild, making it an urgent priority for remediation. The patch strengthens access controls and closes the unauthorized access path to prevent further abuse.

Key Details

Affected Product: Synacor Zimbra Collaboration Suite
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
CWE Classification: CWE-79