🛡️ VULNERABILITY BRIEF · 🟠 High · 📋 Advisory

Critical Stored XSS in Zimbra Collaboration Suite (CVE‑2025‑66376) and Actively Exploited SharePoint Flaws Threaten Government and Enterprise Environments

CISA has warned that a stored XSS vulnerability in Zimbra (CVE‑2025‑66376) and multiple SharePoint flaws are being actively exploited. The advisory also notes a Cisco zero‑day leveraged by ransomware groups, creating urgent patching and monitoring requirements for third‑party risk managers.

🛡️ LiveThreat™ Intelligence · 📅 March 19, 2026 · 📰 thehackernews.com
Severity: High · Type: Advisory · Confidence: High · Affected: 2 sector(s) · Actions: 5 recommended · Source: thehackernews.com

What It Is – The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory that two vulnerabilities – a stored cross‑site scripting flaw in Synacor Zimbra Collaboration Suite (CVE‑2025‑66376, CVSS 7.2) and multiple unpatched issues in Microsoft Office SharePoint – are being actively exploited in the wild. A separate Cisco zero‑day is also being leveraged by ransomware groups, amplifying the overall threat landscape.

Exploitability – Both flaws are confirmed to have functional exploit code in the wild; threat actors are using the Zimbra XSS to inject malicious scripts that harvest credentials, while SharePoint weaknesses enable remote code execution. The Cisco zero‑day is observed in ransomware campaigns targeting critical infrastructure.

Affected Products

  • Synacor Zimbra Collaboration Suite (all supported on‑premises versions)
  • Microsoft Office SharePoint Server (2016, 2019, and SharePoint Online components)
  • Cisco IOS/IOS‑XE (specific zero‑day details undisclosed)

TPRM Impact – Third‑party risk managers must treat these flaws as supply‑chain threats. Compromised collaboration platforms can become conduits for credential theft, lateral movement, and ransomware deployment across partner networks, potentially exposing sensitive government and enterprise data.

Recommended Actions

  • Deploy the Zimbra patch released on 2025‑12‑15 immediately; verify version numbers post‑deployment.
  • Apply the latest SharePoint security updates (KB 500XXXX) and enforce MFA for all SharePoint‑based accounts.
  • Conduct a rapid inventory of any Cisco devices in the environment; apply any out‑of‑band patches and monitor for anomalous traffic.
  • Enable web‑application firewalls (WAF) with rules to block malicious script payloads targeting Zimbra.
  • Perform threat‑hunt queries for known Indicators of Compromise (IOCs) linked to the ransomware campaigns leveraging the Cisco zero‑day.

Source: The Hacker News – CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero‑Day Hit in Ransomware Attacks

📰 Original Source
https://thehackernews.com/2026/03/cisa-warns-of-zimbra-sharepoint-flaw.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.
