
CISA Warns of Active Exploits Targeting Zimbra, SharePoint Flaws

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive for federal agencies to patch two actively exploited security vulnerabilities. The flaws affect Synacor’s Zimbra Collaboration Suite and Microsoft Office SharePoint Server, posing a significant risk to organizational data and systems.

This warning was formally added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, mandating that all federal civilian executive branch agencies apply the necessary updates by a specified deadline. The action underscores the immediate threat posed by these vulnerabilities in real-world attacks.

Details of the Exploited Vulnerabilities

The first critical flaw, tracked as CVE-2025-66376, carries a CVSS score of 7.2. It is a stored cross-site scripting (XSS) vulnerability within the Zimbra Collaboration Suite. This type of weakness allows an attacker to inject malicious scripts into web pages viewed by other users, potentially leading to session hijacking or data theft.

The second vulnerability, identified as CVE-2025-66377, has a higher CVSS severity score of 8.8. It is an authentication bypass issue in Microsoft Office SharePoint Server. This flaw could enable an unauthenticated attacker to gain unauthorized access to sensitive SharePoint sites and their contents without needing valid credentials.

Context and Broader Threat Landscape

CISA’s advisory coincides with ongoing cybersecurity incidents affecting other major technology providers. Separately, Cisco Systems is addressing exploitation of a zero-day vulnerability in its networking hardware. Threat actors are using this Cisco flaw, identified as CVE-2025-20357, in ransomware attacks against small and medium-sized businesses.

These concurrent warnings highlight a period of intensified cyber threat activity. Government and private sector organizations globally are urged to prioritize patching these and other recently disclosed security holes to mitigate risk.

Official Recommendations and Compliance

CISA’s binding operational directive requires federal agencies to secure their systems against the Zimbra and SharePoint flaws by July 21, 2025. While the order applies directly to U.S. federal bodies, CISA strongly recommends that all organizations, including private companies and state-level entities, review their systems and apply patches promptly.

The agency emphasizes that vulnerabilities listed in the KEV catalog are prime targets for malicious cyber actors. Timely patching remains one of the most effective defenses against potential breaches and data loss resulting from such exploits.
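One way a defender can act on a KEV addition like this one is to cross-reference the catalog feed against an asset inventory and compute how long remains before the remediation due date. The following is an added example, not code from the article or from CISA; the feed sample is constructed in the shape of the real KEV JSON (the CVE ids, products and July 21, 2025 due date are the ones the article names, while dateAdded and the inventory hostnames are placeholders).

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# CVE ids, vendor/product names and the due date come from the article; dateAdded
# and knownRansomwareCampaignUse are placeholders, not values from the real catalog.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2025-66376", "vendorProject": "Synacor",
     "product": "Zimbra Collaboration Suite", "dateAdded": "2025-07-01",
     "dueDate": "2025-07-21", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2025-66377", "vendorProject": "Microsoft",
     "product": "Office SharePoint Server", "dateAdded": "2025-07-01",
     "dueDate": "2025-07-21", "knownRansomwareCampaignUse": "Unknown"},
]})

# Constructed asset inventory; "match" is the keyword expected in the KEV vendor/product text.
INVENTORY = [
    {"host": "mail01.example.internal", "match": "zimbra"},
    {"host": "sp-web02.example.internal", "match": "sharepoint"},
    {"host": "jira01.example.internal", "match": "jira"},  # nothing in the sample feed
]


def load_kev(feed_json):
    """Parse the KEV feed and index its entries by CVE id."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}


def kev_exposure(kev, inventory, today_iso):
    """One row per (host, CVE) whose product text matches the asset, with the deadline status."""
    today = date.fromisoformat(today_iso)
    rows = []
    for asset in inventory:
        needle = asset["match"].lower()
        for entry in kev.values():
            haystack = f'{entry["vendorProject"]} {entry["product"]}'.lower()
            if needle not in haystack:
                continue
            days_left = (date.fromisoformat(entry["dueDate"]) - today).days
            rows.append({"host": asset["host"], "cveID": entry["cveID"],
                         "dueDate": entry["dueDate"], "days_left": days_left,
                         "overdue": days_left < 0,
                         "ransomware_use": entry.get("knownRansomwareCampaignUse", "Unknown")})
    # Most urgent first: overdue items, then the shortest remaining window.
    return sorted(rows, key=lambda r: r["days_left"])


if __name__ == "__main__":
    for row in kev_exposure(load_kev(KEV_SAMPLE), INVENTORY, date.today().isoformat()):
        print(row["host"], row["cveID"], "OVERDUE" if row["overdue"] else f'{row["days_left"]} days left')
```

Against the live feed, replace KEV_SAMPLE with the downloaded JSON and the inventory with your own CMDB export; the matching is deliberately keyword-based because KEV product strings are free text.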

Looking Ahead and Next Steps

Security researchers expect continued exploitation of these vulnerabilities until patch adoption becomes widespread. Organizations using affected versions of Zimbra Collaboration Suite and Microsoft Office SharePoint Server should immediately consult the respective vendor security advisories for patch information and implementation guidance. The cybersecurity community will monitor for any escalation in attack patterns or the emergence of additional related threats in the coming weeks.

Source: GeekWire
