A critical zero-day vulnerability in Microsoft SharePoint has been exploited since July 7, 2025, targeting various sectors including government and telecommunications in North America and Western Europe. Check Point Research detected exploitation attempts from three IP addresses, with one linked to previous security issues. Enterprises are urged to apply security updates promptly due to a sophisticated campaign leveraging patched vulnerabilities. The attack chains utilize both a newly patched remote code execution flaw and a spoofing vulnerability patched by Microsoft to escalate privileges.
A critical zero-day vulnerability in SharePoint on-prem has been actively exploited since July 7, 2025, primarily targeting government and telecom sectors in North America and Western Europe.
Check Point Research observed exploitation attempts from three distinctive IP addresses linked to past security flaws, indicating a sophisticated and fast-moving threat landscape.
Enterprises are urged to update their security systems urgently to protect against the exploitation of a newly patched remote code execution flaw in SharePoint.
Exploit chains have been confirmed that combine recently patched vulnerabilities to gain initial access and escalate privileges within vulnerable systems.
Collection
[
|
...
]