# CVE-2025-66376

> Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message.

- **CVSS:** 7.2 (HIGH)
- **EPSS:** 10.0%
- **CISA KEV:** yes
- **CWE:** CWE-79

Canonical: https://intel.threadlinqs.com/cve/CVE-2025-66376
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp