Critical SharePoint Vulnerability Exploited Globally

A critical vulnerability in Microsoft SharePoint Server, identified as CVE-2025-53770, is currently being actively exploited worldwide. This flaw allows unauthenticated remote access, enabling attackers to execute arbitrary code on affected servers. The vulnerability affects on-premises versions of SharePoint Server 2016, 2019, and the Subscription Edition, while SharePoint Online remains unaffected.

Security researchers have observed a significant increase in exploitation attempts since mid-July 2025. Reports indicate that at least 400 organizations have been compromised, including entities such as the National Nuclear Security Administration (NNSA). Attackers have been able to steal sensitive data, including authentication tokens, which could grant them prolonged access to internal systems even after patches are applied.

Microsoft has responded by releasing emergency patches for the affected versions. The company urges all organizations using on-premises SharePoint servers to apply these updates immediately to mitigate the risk. Additionally, Microsoft recommends enabling malware protection and considering disconnecting vulnerable servers from the internet until patches are fully implemented.

Given the widespread exploitation and the critical nature of this vulnerability, organizations must act swiftly to secure their systems. This incident underscores the importance of timely patch management and the need for continuous monitoring of enterprise systems to detect and respond to threats promptly.