The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning advising government agencies to immediately apply patches for two significant security flaws affecting Synacor Zimbra Collaboration Suite and Microsoft Office SharePoint. The vulnerabilities, including CVE-2025-66376, a stored cross-site scripting flaw with a CVSS score of 7.2, have been actively exploited by attackers. This active exploitation status elevates the urgency for patching, as highlighted by CISA's discussions around the vulnerability [1]. The agency's warning underscores the importance of prompt action to prevent potential breaches. The vulnerabilities pose a significant risk to unpatched systems, and their exploitation can lead to severe consequences. For practitioners, what matters is that timely patching of these flaws can prevent ransomware attacks and other malicious activities, which makes it essential to prioritize vulnerability management.
CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks
⚠️ Critical Alert
Why This Matters
CVE-2025-66376 is in active discussion involving CISA — exploitation status determines whether this is patch-now or monitor.
References
- The Hacker News. (2026, March 19). CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks. *The Hacker News*. https://thehackernews.com/2026/03/cisa-warns-of-zimbra-sharepoint-flaw.html