CISA Warns of Actively Exploited Vulnerabilities in Zimbra and SharePoint

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted government agencies to patch two actively exploited vulnerabilities in Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint. The flaws include CVE-2025-66376 (CVSS score: 7.2), a stored cross-site scripting (XSS) vulnerability in Zimbra, though further details on the SharePoint flaw were not specified. CISA’s warning confirms these vulnerabilities are being exploited in real-world attacks. No specific dates for the exploits or patch deadlines were provided in the notice. The agency’s directive targets federal agencies but implies broader risks for unpatched systems.