SharePoint Flaw Exploitation Escalates

SharePoint Flaw Exploitation Escalates

24 July 2025

A critical security vulnerability in Microsoft's SharePoint servers is being actively exploited, leading to a surge in compromised organisations. The vulnerability, identified as CVE-2025-53770, allows unauthenticated remote code execution, potentially leading to data loss and system compromise. This flaw bypasses previous patches and is being used in widespread attacks.

The attacks involve chaining CVE-2025-53770 with another vulnerability, CVE-2025-49706, to gain initial access and escalate privileges. Threat actors are exploiting this combination to access SharePoint content, file systems, and internal configurations. Microsoft has linked some of the attacks to Chinese state-sponsored hacking groups.

Organisations are urged to apply the latest Microsoft patches immediately to mitigate the risk. CISA has added CVE-2025-53770 to its Known Exploited Vulnerabilities Catalog, emphasising the urgency of patching. The flaw impacts on-premises SharePoint servers, while SharePoint Online in Microsoft 365 is not affected.

AI generated content may differ from the original.

Published on 24 July 2025
microsoftsharepointvulnerabilitycybersecurityexploit
  • SharePoint Servers Under Cyberattack

    SharePoint Servers Under Cyberattack

    Read more about SharePoint Servers Under Cyberattack
  • SharePoint Flaws Exploited Globally

    SharePoint Flaws Exploited Globally

    Read more about SharePoint Flaws Exploited Globally
  • Microsoft Server Software Under Attack

    Microsoft Server Software Under Attack

    Read more about Microsoft Server Software Under Attack
  • SharePoint Under Active Attack

    SharePoint Under Active Attack

    Read more about SharePoint Under Active Attack