The Microsoft SharePoint zero-day vulnerability, attributed to a China-nexus threat actor, is being exploited by multiple parties, raising concerns about theft of IP and trade secrets. The availability of a PoC exploit for CVE-2025-53770 on GitHub could enable more attackers to leverage the vulnerability. Organizations are urged to patch their SharePoint servers and renew their ASP.NET machine keys. The situation indicates that while state-sponsored activity is likely, other attackers without clear affiliations are also involved.
A PoC exploit for CVE-2025-53770 is now available on GitHub, making it easier for multiple parties to exploit the Microsoft SharePoint zero-day.
The indication that state actors are involved is significant, but multiple parties are now exploiting this zero-day, including those with varied motives.