- While fixing exploited flaws, Microsoft may have introduced new bugs as well
- The problems affect several on-premises SharePoint variants
- Hackers are already exploiting them in the wild, so users have to patch now
Microsoft has released an urgent patch for a zero-day vulnerability affecting on-premises SharePoint servers.
The vulnerability is already being exploited in the wild, which is why users are urged to apply the patch immediately and secure their assets.
Three Microsoft products are affected: SharePoint Server Subscription Edition, SharePoint Server 2019 and SharePoint Server 2016. SharePoint Online (Microsoft 365) is not affected.
How to secure your endpoints
The vulnerability is described as a deserialization of untrusted data in on-premises Microsoft SharePoint Server that allows an unauthenticated attacker to execute code over a network. It is tracked as CVE-2025-53770 and carries a CVSS severity score of 9.8/10 (critical).
“Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild,” the National Vulnerability Database (NVD) said in its advisory.
To secure endpoints, Microsoft recommends applying the July 2025 security updates immediately, enabling the Antimalware Scan Interface (AMSI) integration for SharePoint and making sure Microsoft Defender Antivirus is installed on all SharePoint servers.
After patching or enabling AMSI, users must rotate their ASP.NET machine keys, deploy Microsoft Defender for Endpoint to detect post-exploitation activity, and upgrade to a supported SharePoint version if needed. The order matters: the machine keys are what an attacker who already exploited the flaw can use to forge signed ASP.NET payloads, so a patched farm that still runs on the old keys is not yet safe.
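The following script is an added example of the post-patch steps above as an administrator would run them from an elevated SharePoint Management Shell on one server in the farm; it is not code from the article or from Microsoft. It assumes that $RequiredBuild is supplied by the administrator from the July 2025 KB for their edition (a placeholder, not a value from the article), that Update-SPMachineKey takes a -WebApplication parameter as in current SharePoint Management Shell builds (check Get-Help Update-SPMachineKey -Full if yours differs), and that WinRM remoting to the other farm servers is available for Invoke-Command.

```powershell
<#
  Added example (not from the article or Microsoft): gate the machine-key
  rotation on the patch actually being installed, rotate keys for every web
  application, restart IIS farm-wide, and confirm Defender AV is live.
  Assumptions:
    - $RequiredBuild: farm build listed in the July 2025 KB for your edition
      (placeholder supplied by the admin, not taken from the article).
    - Update-SPMachineKey -WebApplication exists as in current Management Shell.
    - WinRM is open between farm servers for Invoke-Command.
  AMSI integration itself is enabled in Central Administration and is not
  toggled here; only its companion (Defender AV) is verified.
#>
param(
    [Parameter(Mandatory = $true)]
    [version]$RequiredBuild
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# 1. Verify the July 2025 security update is installed. Rotating keys on an
#    unpatched farm just hands the attacker a fresh set of keys to steal.
$farm  = Get-SPFarm
$build = [version]$farm.BuildVersion.ToString()
if ($build -lt $RequiredBuild) {
    throw "Farm build $build is below required build $RequiredBuild; install the July 2025 security update first."
}
Write-Host "Farm build $build meets required build $RequiredBuild"

# 2. Rotate ASP.NET machine keys for every web application, including
#    Central Administration. Leaked ValidationKey/DecryptionKey values let an
#    attacker forge __VIEWSTATE payloads that survive the patch.
$webApps = Get-SPWebApplication -IncludeCentralAdministration
foreach ($wa in $webApps) {
    Write-Host "Rotating machine keys for $($wa.DisplayName) ($($wa.Url))"
    Update-SPMachineKey -WebApplication $wa
}

# 3. Machine keys are read at app-domain start, so restart IIS on every
#    SharePoint server (SQL servers registered in the farm show Role 'Invalid').
$servers = (Get-SPServer | Where-Object { $_.Role -ne 'Invalid' }).Address
foreach ($s in $servers) {
    Write-Host "Restarting IIS on $s"
    Invoke-Command -ComputerName $s -ScriptBlock { iisreset.exe /noforce | Out-Null }
}

# 4. Confirm Defender Antivirus is installed and real-time protection is on
#    for each server; AMSI scanning of SharePoint requests is only useful if
#    an AMSI provider (Defender AV) is actually running.
foreach ($s in $servers) {
    $status = Invoke-Command -ComputerName $s -ScriptBlock {
        try { Get-MpComputerStatus | Select-Object AntivirusEnabled, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated }
        catch { $null }
    }
    if (-not $status -or -not $status.AntivirusEnabled -or -not $status.RealTimeProtectionEnabled) {
        Write-Warning "$s : Defender AV missing or real-time protection off; fix before relying on AMSI"
    } else {
        Write-Host "$s : Defender AV active, signatures updated $($status.AntivirusSignatureLastUpdated)"
    }
}
```

Run it once per farm, not once per server: key rotation is a farm-level change, while the IIS restart and the Defender check are fanned out to each server. If you prefer the Central Administration UI, the equivalent of step 2 is the "Machine Key Rotation Job" timer job followed by the same iisreset on every server.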
The vulnerability is linked to fixes for two other bugs that were also exploited in the wild. Tracked as CVE-2025-49706 and CVE-2025-49704, these two were patched in July, but the fix introduced two new flaws: CVE-2025-53770, and CVE-2025-53771, a 6.3/10 (medium) path traversal error that allows spoofing over a network.
The new bugs were quickly picked up by threat actors and have been abused in attacks since July 18, when at least 85 organizations were reportedly affected, including several multinational companies and government entities, such as a private university and a private energy operator in California, a federal government health organization and a private fintech company in New York.
Via BleepingComputer