Vulnerability Management, Threat Intelligence, Patch/Configuration Management

Microsoft SharePoint zero-days leveraged in global attacks

Microsoft SharePoint app seen in App Store on the screen of ipad and blurred finger pointing at it.

At least 85 Microsoft SharePoint servers worldwide have already been breached in attacks involving a pair of critical SharePoint zero-day flaws, tracked as CVE-2025-53770 and CVE-2025-53771, which have been underway since Friday, reports BleepingComputer.

Both vulnerabilities circumvent previously issued fixes for ToolShell bugs, tracked as CVE-2025-49706 and CVE-2025-49704, according to Microsoft, which has already released updates for SharePoint Server 2019 and SharePoint Subscription Edition. "...[T]he update for CVE-2025-53770 includes more robust protections than the update for CVE-2025-49704. The update for CVE-2025-53771 includes more robust protections than the update for CVE-2025-49706," said Microsoft, which has yet to fix the issues in SharePoint 2016. Attacks involving the zero-days were initially observed by Eye Security. Such intrusions have already prompted the Cybersecurity and Infrastructure Security Agency to include CVE-2025-53770 in its Known Exploited Vulnerabilities list, with federal agencies urged to apply remediations within a day of the advisory. "CISA encourages all organizations with on-premise Microsoft SharePoint servers to take immediate recommended action," said CISA Acting Executive Assistant Director for Cybersecurity Chris Butera.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds