Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Global Organizations
Briefly

A zero-day vulnerability in Microsoft SharePoint Server, CVE-2025-53770, has been exploited widely, allowing unauthorized remote code execution. This flaw, with a severity score of 9.8, is linked to a spoofing bug previously covered in July 2025 patches. Microsoft announced that it is testing a comprehensive update to rectify the issue and is advising customers to enhance security by configuring Antimalware Scan Interface (AMSI) and deploying Defender Antivirus. Users unable to implement these measures should isolate their SharePoint servers from the internet until a patch is available.
A critical security vulnerability in Microsoft SharePoint Server, tracked as CVE-2025-53770 with a CVSS score of 9.8, has been weaponized in a large-scale exploitation campaign.
Unauthorized attackers can execute code over a network due to deserialization of untrusted data in on-premises Microsoft SharePoint Server. Active attacks are targeting customers using SharePoint.
Microsoft advises customers to configure Antimalware Scan Interface (AMSI) integration in SharePoint and deploy Defender AV on all SharePoint servers to mitigate the risk of exploitation.
Those unable to enable AMSI integration should disconnect SharePoint Server from the internet until a patch is issued, and consider deploying Defender for Endpoint for additional protection.
Read at The Hacker News