Critical SharePoint Vulnerabilities Exploited: Urgent Patching Required
Critical SharePoint Vulnerabilities Exploited: Urgent Patching Required
On July 19, 2025, the cybersecurity community was alerted to a critical zero-day vulnerability in Microsoft SharePoint Server, designated CVE-2025-53770. This flaw allows unauthenticated remote code execution, posing significant risks to organizations using on-premises SharePoint.
Threat actors, notably groups linked to China, have been exploiting this vulnerability, leading to compromises across over 75 organizations. Among the affected are various government agencies and corporate enterprises, with reports indicating that attackers have gained persistent access to systems, executing commands without prior authentication. Microsoft has responded swiftly by releasing urgent patches and stressing the necessity of implementing comprehensive security measures to mitigate these risks. The company has urged all users to apply these patches immediately to prevent further exploitation of their systems.
For more information, refer to The Hacker News, SWK Technologies, and Microsoft Security Blog.
Also In Security Today
- Government Cybersecurity Breach: A state-sponsored attack has targeted a federal agency, compromising sensitive data. Authorities are investigating potential ties to foreign adversaries.
- Ransomware Surge: Reports indicate a 30% increase in ransomware attacks over the past quarter, with healthcare institutions being the most affected sector.
- New Malware Strain Discovered: A novel strain of malware, dubbed SilentStorm, is being distributed via phishing emails, focusing on financial institutions. Organizations are advised to bolster their email security protocols.