An unpatched, critical zero-day vulnerability in Microsoft SharePoint is being actively exploited by hackers. Tracked as CVE-2025-53770, the vulnerability is being exploited in a large-scale cyberattack that has led to the compromise of 75 company servers, including major corporations and US government agencies. The flaw poses a serious threat to organisations that rely completely on the Microsoft collaboration platform. Microsoft has acknowledged the issue and said it is actively working to release a security update for the vulnerability. “Our team is actively working to release a security update and will provide additional details as they are available,” said the company.
Microsoft SharePoint vulnerability CVE-2025-53770: Key details
The Microsoft SharePoint vulnerability has a 9.8 rating on the CVSS scale. The vulnerability, which has impacted 75 company servers, allows unauthenticated remote code execution by exploiting how SharePoint deserializes untrusted data. As per reports, the attackers are also using this vulnerability to steal cryptographic keys and deploy persistent web shells that grant them complete control over the affected systems. It is also important to note that CVE-2025-53770 is a variant of CVE-2025-49706, which Microsoft patched with the July updates. The exploits involve ASPX payloads delivered via PowerShell, targeting the server’s MachineKey configuration.
Who is affected by the Microsoft SharePoint vulnerability
The campaign has impacted 75 company servers, which makes it a widespread threat. At present, users running SharePoint Server 2016, 2019, or Subscription Edition are the ones affected. The company has, however, confirmed that SharePoint Online (Microsoft 365) is not impacted.
What Microsoft said about the breach
Microsoft has acknowledged the vulnerability and is working on an emergency patch to address the flaw. “Microsoft is aware of active attacks targeting on-premises SharePoint Server customers. The attacks are exploiting a variant of CVE-2025-49706. This vulnerability has been assigned CVE-2025-53770. SharePoint Online in Microsoft 365 is not impacted,” said the company. “A patch is currently not available for this vulnerability. Mitigations and detections are provided below. Our team is actively working to release a security update and will provide additional details as they are available,” added the company.
Microsoft shares guidelines for users
Microsoft has also shared some guidelines for users to protect their on-premises SharePoint Server environment. The company has asked users to:
- Enable Antimalware Scan Interface (AMSI) integration and deploy Defender AV on all SharePoint servers
- If AMSI cannot be enabled, Microsoft recommends disconnecting servers from the internet
- Use Defender for Endpoint to detect post-exploit activity and monitor for suspicious file creation like spinstall0.aspx.
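
The file-creation check in the last guideline can also be run by hand as a triage sweep. The script below is an added example, not code from Microsoft or from this article: the function name `Find-SuspiciousAspx`, its parameters and the 30-day window are assumptions, the directory to scan must be supplied by the operator, and the only indicator taken from the article is the file name spinstall0.aspx.

```powershell
# Added example: sweep a web root for .aspx files that are either named like the
# indicator in the article or were created recently, and hash them for triage.
function Find-SuspiciousAspx {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Root,                # assumption: operator supplies the web root
        [datetime] $CreatedAfter = (Get-Date).AddDays(-30),   # assumption: 30-day look-back window
        [string[]] $KnownBadNames = @('spinstall0.aspx')      # file name quoted in the article
    )

    if (-not (Test-Path -LiteralPath $Root -PathType Container)) {
        throw "Root directory not found: $Root"
    }

    Get-ChildItem -LiteralPath $Root -Recurse -File -Filter '*.aspx' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $nameHit = $KnownBadNames -contains $_.Name       # -contains compares case-insensitively
            $recent  = $_.CreationTimeUtc -ge $CreatedAfter.ToUniversalTime()
            if ($nameHit -or $recent) {
                [pscustomobject]@{
                    Reason      = if ($nameHit) { 'known-name' } else { 'recently-created' }
                    Path        = $_.FullName
                    CreatedUtc  = $_.CreationTimeUtc
                    ModifiedUtc = $_.LastWriteTimeUtc
                    SizeBytes   = $_.Length
                    SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
        } | Sort-Object Reason, CreatedUtc
}

# Constructed demo: a temporary directory stands in for a web root.
$demo    = Join-Path ([IO.Path]::GetTempPath()) ("aspx-sweep-" + [guid]::NewGuid())
$layouts = Join-Path $demo 'layouts'
New-Item -ItemType Directory -Path $layouts | Out-Null
Set-Content -Path (Join-Path $layouts 'spinstall0.aspx') -Value 'constructed placeholder'
Set-Content -Path (Join-Path $layouts 'default.aspx')    -Value 'constructed placeholder'
# Age the benign file so that only the known-name hit is reported.
(Get-Item (Join-Path $layouts 'default.aspx')).CreationTimeUtc = (Get-Date).AddYears(-2).ToUniversalTime()
Find-SuspiciousAspx -Root $demo | Format-List
Remove-Item -LiteralPath $demo -Recurse -Force
```

File creation timestamps can be altered after the fact, so an empty result does not clear a server; treat the sweep as a supplement to the Defender for Endpoint detections, not a replacement.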