Critical Microsoft SharePoint Vulnerabilities Exploited in Major Attacks

In a significant cybersecurity incident, multiple vulnerabilities in Microsoft SharePoint have been actively exploited, leading to substantial breaches across numerous organizations, including U.S. government agencies. The vulnerabilities, notably CVE-2025-53770, allow unauthorized attackers to execute code over a network, while CVE-2025-49704 and CVE-2025-49706 involve remote code execution and spoofing. These exploits have triggered urgent security measures from organizations such as the Department of Energy and the Department of Homeland Security, highlighting the critical need for immediate patching and robust security protocols. Affected entities must prioritize the deployment of patches as Microsoft has released updates to address these issues. The severity of these vulnerabilities, with high CVSS scores, underlines the importance of vigilance and rapid response in the face of evolving cyber threats. Read more here.