The U.S. federal government and cybersecurity researchers have identified a serious security vulnerability in Microsoft SharePoint, designated CVE-2025-53771. The flaw is a zero-day under active exploitation, and no patches are yet available from Microsoft; it particularly affects self-managed SharePoint Server versions since 2016. The vulnerability can lead to the theft of digital keys, allowing unauthorized access to server data and potential malware deployment. Thousands of businesses, including federal agencies and energy companies, may suffer breaches as attackers exploit this flaw.
The bug allows hackers to steal private digital keys from SharePoint servers without needing any credentials. Once in, hackers can plant malware and access files.
Microsoft has not yet provided patches for all affected SharePoint versions, leaving customers worldwide largely unable to defend against ongoing intrusions.