A critical security vulnerability in Microsoft's SharePoint servers is being actively exploited, leading to a surge in compromised organisations. The vulnerability, identified as CVE-2025-53770, allows unauthenticated remote code execution, potentially leading to data loss and system compromise. This flaw bypasses previous patches and is being used in widespread attacks.
The attacks involve chaining CVE-2025-53770 with another vulnerability, CVE-2025-49706, to gain initial access and escalate privileges. Threat actors are exploiting this combination to access SharePoint content, file systems, and internal configurations. Microsoft has linked some of the attacks to Chinese state-sponsored hacking groups.
Organisations are urged to apply the latest Microsoft patches immediately to mitigate the risk. CISA has added CVE-2025-53770 to its Known Exploited Vulnerabilities Catalog, emphasising the urgency of patching. The flaw impacts on-premises SharePoint servers, while SharePoint Online in Microsoft 365 is not affected.