**CYBER THREAT ASSESSMENT** **Classification:** Technical Vulnerability CVE-2025-66376 affects Synacor Zimbra Collaboration Suite (ZCS) Classic UI across all affected versions. The vulnerability permits remote attackers to execute arbitrary JavaScript within user browsers via malicious CSS @import directives embedded in email HTML, bypassing standard XSS protections. Attack vectors require user interaction with crafted email content. ZCS deployments running unpatched instances present elevated risk for session hijacking and credential theft through this exploitation method.