Microsoft issued an urgent warning on Saturday to SharePoint Server customers, saying active attacks are targeting a zero-day vulnerability in the software product, which has been assigned CVE-2025-53770 with a CVSS score of 9.8.
A patch is currently not available for the flaw, which Microsoft says is a variant of CVE-2025-49706.
The Redmond, Washington-based tech giant said a security update is currently in the works and provided mitigation instructions and detection guidance. Security teams should take immediate action to implement mitigations in the meantime.
“Google Threat Intelligence Group has observed threat actors exploiting this vulnerability to install webshells and exfiltrate cryptographic secrets from victim servers,” a Google spokesperson told SecurityWeek. “This allows for persistent, unauthenticated access and presents a significant risk to affected organizations.”
Researchers at Eye Security say they discovered “dozens of systems actively compromised,” which they say likely occurred in attacks on July 18th around 18:00 CET and on July 19th around 07:30 CET.
“To protect your on-premises SharePoint Server environment, we recommend customers configure AMSI integration in SharePoint and deploy Defender AV on all SharePoint servers. This will stop unauthenticated attackers from exploiting this vulnerability,” Microsoft explained in its advisory.
“Organizations need to implement mitigations immediately (and the patch when available), assume compromise, investigate whether the system was compromised prior to the patch/mitigation, and take remediation actions,” commented Charles Carmakal, CTO, Mandiant Consulting – Google Cloud.
Microsoft said it would provide updates and additional guidance as they become available.
Useful links and resources for CVE-2025-53770:
SecurityWeek will update this article and provide additional coverage as details develop.