- • Microsoft's SharePoint is vulnerable to two critical zero-day vulnerabilities, CVE-2025-53770 and CVE-2025-53771, allowing remote code execution and server spoofing.
- • The vulnerabilities are actively exploited in the wild, with reports of attacks targeting US government agencies and businesses.
- • Patches are available for SharePoint Server Subscription Edition and SharePoint Server 2019; however, no patches are currently available for SharePoint 2016.
- • Immediate action is required: administrators must apply the patches to mitigate risks of unauthorized access and lateral movement within networks.
- • Attackers can exploit these vulnerabilities to gain full access to SharePoint content and potentially compromise other services like Outlook and Teams.
Microsoft has identified two critical zero-day vulnerabilities in SharePoint, tracked as CVE-2025-53770 and CVE-2025-53771, which are being actively exploited to execute remote code and spoof servers. These vulnerabilities pose significant risks to organizations, including US government agencies, as attackers can gain full access to SharePoint content and move laterally to other services. Administrators must urgently apply available patches for SharePoint Server Subscription Edition and SharePoint Server 2019 to protect against these threats. Organizations should also monitor for suspicious activity and ensure that all systems are updated to prevent exploitation.
