Vulnerabilities · HIGH

Vulnerabilities - CISA Warns of Zimbra and SharePoint Flaws

🎯 Basically, CISA is telling agencies to fix security holes in software to avoid getting hacked.

Quick Summary

CISA warns of serious vulnerabilities in Zimbra and SharePoint. Agencies must patch these flaws to prevent potential exploitation. Timely action is essential for security.

The Flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding two significant vulnerabilities in widely used software. The first is CVE-2025-66376, a stored cross-site scripting (XSS) vulnerability in the Synacor Zimbra Collaboration Suite (ZCS), which can be triggered through HTML email messages that use Cascading Style Sheets (CSS) @import directives. The second, CVE-2026-20963, affects Microsoft Office SharePoint and involves deserialization of untrusted data, which could allow an unauthorized attacker to execute code over a network.

Both vulnerabilities have been rated with high CVSS scores: 7.2 for Zimbra and 8.8 for SharePoint, indicating their potential severity. CISA has emphasized that these flaws are not just theoretical; they are actively being exploited in the wild, making it imperative for organizations to act swiftly.
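As an added illustration of the kind of triage check a mail gateway or defender could run for the Zimbra issue described above (this is example code written here, not code from Zimbra, CISA or the article), the following Python scans an HTML message body for CSS @import directives in `<style>` blocks and `style=` attributes, decoding CSS escape sequences first so an escaped keyword is still recognised. The sample messages and the example.invalid host are constructed for the demonstration.

```python
import re
from html.parser import HTMLParser

# Decode CSS escapes (\69 or \i) before matching, so an escaped keyword is
# normalised to plain text first; then look for the @import directive.
CSS_ESCAPE_RE = re.compile(r"\\([0-9a-fA-F]{1,6})[ \t\r\n\f]?|\\(.)", re.DOTALL)
IMPORT_RE = re.compile(r"@import\b", re.IGNORECASE)

def _unescape_css(css):
    def repl(m):
        if m.group(1):
            code = int(m.group(1), 16)
            return chr(code) if code <= 0x10FFFF else "\ufffd"
        return m.group(2)
    return CSS_ESCAPE_RE.sub(repl, css)

class _StyleCollector(HTMLParser):
    # Gathers <style> block text and style= attribute values from an HTML body.
    def __init__(self):
        super().__init__()
        self._in_style = False
        self.style_blocks = []    # raw CSS text of each <style> element
        self.inline_styles = []   # (tag, value) for each style= attribute

    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self._in_style = True
            self.style_blocks.append("")
        for name, value in attrs:
            if name == "style" and value:
                self.inline_styles.append((tag, value))
    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False
    def handle_data(self, data):
        if self._in_style and self.style_blocks:
            self.style_blocks[-1] += data

def find_css_imports(html):
    # Returns a label for every style location in the HTML that carries @import.
    p = _StyleCollector()
    p.feed(html)
    hits = [f"style block {i}" for i, css in enumerate(p.style_blocks)
            if IMPORT_RE.search(_unescape_css(css))]
    hits += [f"inline style on <{tag}>" for tag, css in p.inline_styles
             if IMPORT_RE.search(_unescape_css(css))]
    return hits

# Constructed samples: a benign message and one whose <style> pulls a remote sheet.
CLEAN_MAIL = '<html><body><p style="color:#333">Report attached.</p></body></html>'
IMPORT_MAIL = '<html><head><style>@import url("https://example.invalid/a.css");</style></head><body>Hi</body></html>'
```

A hit is a signal for quarantine or closer review of inbound mail, not a replacement for the vendor fix; patching the affected ZCS versions remains the remedy.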

What's at Risk

The risks posed by these vulnerabilities are substantial. For Zimbra, the ability to execute cross-site scripting attacks could lead to unauthorized access to sensitive information, potentially compromising email communications. For SharePoint, the deserialization flaw could allow attackers to run malicious code, leading to data breaches or further exploitation of the network.

Federal Civilian Executive Branch (FCEB) agencies are directly affected, as CISA urges them to apply patches for these vulnerabilities by set deadlines: April 1, 2026 for Zimbra and March 23, 2026 for SharePoint. Failure to address these vulnerabilities could expose sensitive government data and systems to malicious actors.

Patch Status

Patches for these vulnerabilities have already been released. The Zimbra vulnerability was fixed in versions 10.0.18 and 10.1.13, which were made available in November 2025. The SharePoint vulnerability has also been addressed with a patch released in January 2026. However, despite these patches being available, the urgency remains for organizations to implement them as soon as possible to mitigate the risks.

CISA's warning highlights the importance of maintaining up-to-date software and promptly applying security updates. Organizations that delay these actions may find themselves vulnerable to exploitation, especially given the active nature of these threats.

Immediate Actions

Organizations must prioritize patching their systems to protect against these vulnerabilities. Here are key actions to take:

  • Apply patches immediately for Zimbra and SharePoint to close these security gaps.
  • Monitor network traffic for any unusual activity that could indicate exploitation attempts.
  • Educate staff about the risks of phishing and social engineering, as these are common tactics used alongside such vulnerabilities.

In addition, organizations should review their overall security posture and ensure that they have robust incident response plans in place. As the threat landscape evolves, staying ahead of vulnerabilities is crucial for safeguarding sensitive data and maintaining operational integrity.

🔒 Pro insight: The exploitation of these vulnerabilities underscores the need for proactive patch management and continuous monitoring of software security.

Original article from The Hacker News
