- While fixing exploited flaws, Microsoft may have also introduced new bugs
- The issues affected multiple SharePoint on-prem variants
- Hackers are already exploiting them in the wild, so users should patch now
Microsoft has released an urgent patch to fix a zero-day vulnerability affecting on-premises SharePoint servers.
The vulnerability is already being exploited in the wild, which is why users are urged to apply the patch immediately and secure their assets.
Three Microsoft products were said to be affected: SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Server 2016. SharePoint Online (Microsoft 365) is not affected.
How to secure your endpoints
The vulnerability being addressed is described as a deserialization of untrusted data in on-premises Microsoft SharePoint Server, which allows an unauthorized attacker to execute code over a network. It is tracked as CVE-2025-53770, and carries a severity score of 9.8/10 (critical).
“Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild,” the National Vulnerability Database (NVD) said in its advisory.
To secure the endpoints, Microsoft recommends applying the July 2025 security updates immediately, as well as enabling Antimalware Scan Interface (AMSI) for SharePoint and making sure Defender Antivirus is deployed.
After patching, or enabling AMSI, users should rotate their ASP.NET machine keys, deploy Microsoft Defender for Endpoint to detect post-exploitation activity, or upgrade to supported SharePoint versions, if needed.
The vulnerability was actually introduced while fixing a pair of bugs that were also being exploited in the wild. Tracked as CVE-2025-49706 and CVE-2025-49704, these two were fixed in July, but introduced two new flaws – CVE-2025-53770, and CVE-2025-53771, a 6.3/10 (medium) path traversal bug that allows spoofing over a network.
The new bugs were quickly spotted by threat actors, and abused in attacks since July 18, with at least 85 organizations apparently being hit, including several multi-nationals and government entities, such as a private university and a private energy operator in California, a federal government health organization, and a private fintech firm in New York.
Via BleepingComputer
