Patch ToolShell SharePoint zero-day immediately, says Microsoft | Computer Weekly
Briefly

Multiple vulnerabilities have been identified in Microsoft's SharePoint platform that allow remote code execution (RCE) and server spoofing. The vulnerabilities, CVE-2025-53770 and CVE-2025-53771, enable attackers to manipulate cryptographic keys to gain unauthorized access. Widespread exploitation has been confirmed, impacting governmental and enterprise systems globally. Microsoft is urging customers to update their SharePoint systems promptly and is collaborating with US authorities, including CISA, to address these issues. CISA has added CVE-2025-53770 to its Known Exploited Vulnerabilities catalogue.
All signs point to widespread, mass exploitation - with compromised government, technology, and enterprise systems observed globally.
Attackers are deploying persistent backdoors, and notably, are taking a more sophisticated route than usual: the backdoor retrieves SharePoint's internal cryptographic keys.
With these keys in hand, attackers can craft forged __VIEWSTATE payloads that SharePoint will accept as valid - enabling seamless remote code execution.
Microsoft has been working alongside the US authorities, including the Cybersecurity and Infrastructure Security Agency (CISA), and other partners across the globe.
Read at ComputerWeekly.com