CISA Adds One Known Exploited Vulnerability to Catalog
Summary
CISA has added CVE-2025-66376, a Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog. This inclusion is based on evidence of active exploitation, highlighting the vulnerability's significant risk to federal agencies and urging all organizations to prioritize its remediation.
IFF Assessment
The addition of a newly exploited vulnerability to CISA's KEV catalog indicates a current and active threat that defenders must address.
Severity
Defender Context
Defenders must be aware of the newly added CVE-2025-66376 to their KEV catalog, indicating it is actively exploited. Prioritizing the patching or mitigation of this vulnerability is crucial to prevent potential compromise, especially for organizations using Synacor Zimbra Collaboration Suite.