A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an "active, large-scale" exploitation campaign.
The zero-day flaw, tracked asCVE-2025-53770(CVSS score: 9.8), has been described as a variant ofCVE-2025-49706(CVSS score: 6.3), a spoofing bug in Microsoft SharePoint Server that wasaddressedby the tech giant as part of its July 2025 Patch Tuesday updates.
"Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthoriz...
SharePoint Under Attack: Microsoft Warns of Zero-Day Exploited in the Wild – No Patch Available
SecurityWeek
58 minutes ago
Enterprises running SharePoint servers should not wait for a fix for CVE-2025-53770 and should commence threat hunting to for compromise immediately....
