Microsoft fixes two SharePoint zero-days under attack, but one is still unresolved - how to patch
Briefly

Microsoft has addressed two critical zero-day vulnerabilities in SharePoint, CVE-2025-53771 and CVE-2025-53770, both of which affect only on-premises versions. CVE-2025-53771 allows attackers to impersonate legitimate users, while CVE-2025-53770 enables remote code execution, letting attackers run unauthorized code in SharePoint environments. These vulnerabilities have already been exploited, targeting entities such as US federal agencies and energy companies. Microsoft is continuing to work on a patch for SharePoint Server 2016, while fixes for SharePoint Server Subscription Edition and 2019 have been released.
CVE-2025-53770 lets a threat actor execute code remotely and bypass identity protections (like single sign-on and multi-factor authentication). That gives access to content on the SharePoint server, including configurations and system files, and opens up lateral access across the Windows domain.
Already, hackers have launched attacks against US federal and state agencies, universities, energy companies, and others, state officials and private researchers told The Washington Post.
Read at ZDNET