The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has listed CVE-2025-66376, a cross-site scripting vulnerability in Zimbra Collaboration Suite, as actively exploited in the wild. Federal agencies must remediate the flaw by a legally mandated deadline, and CISA is urging all organizations to prioritize patching as part of vulnerability management.