
A troubling new vulnerability in Microsoft SharePoint Server has emerged, prompting urgent warnings from authorities and cybersecurity experts. This critical flaw, identified as CVE-2025-53770, carries a severity rating of 9.8 out of 10, making it a prime target for cybercriminals seeking to steal sensitive company information, including authentication tokens that grant access to internal systems. Experts have advised that any organization operating an on-premises version of SharePoint should treat its network as compromised.

The vulnerability allows unauthorized remote access to SharePoint Servers that are publicly exposed on the Internet. Reports of mass exploitation began circulating on Friday, highlighting the serious threat to those running in-house infrastructure. Notably, Microsoft's cloud-based SharePoint Online and Microsoft 365 remain unaffected by this issue.

On Saturday, Microsoft confirmed the existence of active attacks exploiting this zero-day vulnerability. The company released an emergency update the following day to address this flaw and a related vulnerability, CVE-2025-53771, affecting both SharePoint Subscription Edition and SharePoint 2019. Users of these versions are urged to apply the updates without delay. SharePoint 2016 remained unpatched at the time of reporting; for those still using it, Microsoft has recommended the installation of the Antimalware Scan Interface to bolster defenses.

The exploitation methods observed are reminiscent of techniques demonstrated earlier this year at the Pwn2Own hacking competition in Berlin, which targeted two separate vulnerabilities, CVE-2025-49704 and CVE-2025-49706, that were partially patched in a previous monthly update. The latest patches for CVE-2025-53770 and CVE-2025-53771 promise enhanced protections against the previously exploited vulnerabilities, underscoring the urgency for all affected users to act swiftly.