Prime Highlights
- A critical patch was issued by Microsoft to fix a severe remote code execution vulnerability in on-premises SharePoint Server.
- The vulnerability is actively being exploited, and hence immediate action is being initiated by security authorities and organizations.
Key Facts
- More than 50 organizations have already been affected through this SharePoint vulnerability.
- CISA instructed federal networks to be patched by July 21, 2025, to avoid further exploitation.
Key Background
Microsoft has quickly patched an on-premises SharePoint Server software critical vulnerability, which scored CVE-2025-53770 with a CVSS of 9.8. The vulnerability is due to untrusted data improper deserialization and would allow attackers to run arbitrary code unauthenticated. The second spoofing vulnerability, CVE-2025-53771 (CVSS 6.3), also was patched within the same update. Both are refinements of vulnerabilities patched in July but with enhanced protection and more mitigations.
The vulnerability has been exploited in the wild ahead. Security companies have vindicated that further than 50 associations — government, university, and fiscal institutions among them have been traduced. Bushwhackers have reportedly exploited this vulnerability to host web shells, establish patient entry points, and exfiltrate sensitive internal information. Internally, they circumvented authentication controls similar as MFA and SSO, carrying deeper access to internal systems and credentials.
As a result, the U.S. Cybersecurity and structure Security Agency( CISA) added CVE-2025-53770 to its Known Exploited Vulnerabilities list. Federal systems had a deadline of July 21, 2025, to apply the patch. Only on- demesne SharePoint surroundings are impacted — Microsoft 365 pall services are not. Affected performances include SharePoint Garçon 2019, 2016, and the Subscription Edition.
Microsoft largely recommends the following mitigation conduct to be taken install the lately released July 2025 security patches, enable AMSI- grounded antivirus tools, update machine keys, and renew the web garçon for IIS. Enterprises are also recommended to temporarily dissociate SharePoint cases from the internet. All the conduct below can stop farther concession and exclude any backdoors formerly created by the bushwhackers.
