CISA has urged government agencies to patch two flaws in the Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, noting that both have been exploited in the wild. The vulnerabilities are CVE-2025-66376, a stored cross-site scripting flaw in ZCS’s Classic UI (CVSS 7.2), and CVE-2026-20963, a deserialization flaw in SharePoint that could allow code execution over a network (CVSS 8.8). There are currently no public reports detailing exploitation or attribution for these flaws.
Agencies are advised to apply fixes for CVE-2025-66376 by 1 April 2026 and for CVE-2026-20963 by 23 March 2026, according to the guidance issued by CISA. The disclosure also references Interlock ransomware threat actors exploiting a separate Cisco firewall flaw (CVE-2026-20131, CVSS 10.0) as part of a broader pattern of targeting edge devices to gain initial access, with Amazon commenting on the sectors affected.