Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Company Servers
22.07.2025
9041
SharePoint zero-day CVE-2025-53770 exploited in mass attacks breaching 75+ orgs; on-prem users at high risk.
Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Company Servers
A critical zero-day vulnerability in Microsoft SharePoint, identified as CVE-2025-53770, is being actively exploited in the wild, leading to breaches in over 75 organizations. On-premises SharePoint users are particularly at risk, as the flaw allows attackers to execute arbitrary code remotely.
The exploitation of this vulnerability has been observed in mass attacks, with threat actors leveraging it to gain unauthorized access to sensitive data. Microsoft has yet to release a patch, leaving organizations vulnerable to these attacks.
Security experts are urging organizations to implement temporary mitigations, such as disabling certain SharePoint features, until a patch is available. The situation underscores the importance of robust cybersecurity measures and the need for timely updates to protect against emerging threats.
- • Critical zero-day vulnerability (CVE-2025-53770) in Microsoft SharePoint.
- • Actively exploited in attacks breaching over 75 organizations.
- • On-premises users at high risk due to remote code execution capability.
- • No patch available from Microsoft at the time of reporting.
- • Temporary mitigations recommended until a fix is released.
#RCE vulnerabilities#hack#cybersecurity#CVE vulnerabilities#zero-day vulnerabilities
Got a topic? Write to ATLA WIRE on Telegram:t.me/atla_community
