A Chinese state threat actor is exploiting the CVE-2025-53770 vulnerability in Microsoft SharePoint, causing significant concern among cybersecurity experts. This remote code execution flaw bypasses previously patched issues and is not fully mitigated by Microsoft's recent patch. Mandiant Consulting has observed numerous groups attacking SharePoint globally, signaling an ongoing trend of exploitation. Urgent actions, including patching and rotating machine keys, are advised to protect against intrusions. Analysts expect a surge in malicious activity targeting SharePoint instances in the coming period.
"We assess that at least one of the actors responsible for this early exploitation is a China-nexus threat actor. It's critical to understand that multiple actors are now actively exploiting this vulnerability."
"Carmakal reiterated general advice to not only patch CVE-2025-53770 but to also rotate SharePoint ASP.NET machine keys as a matter of urgency, as these will likely have been stolen in any intrusions."
Collection
[
|
...
]