Attackers are actively exploiting a zero-day SharePoint vulnerability (CVE-2025-53770) to gain full control over affected on-premises servers. Organizations are advised to implement interim defenses like AMSI and Defender AV until patches are available.
Key points
- Attackers are exploiting a zero-day vulnerability (CVE-2025-53770) in SharePoint Server.
- Current exploits involve extracting cryptographic keys and gaining remote code execution.
- Microsoft has issued temporary mitigation strategies until an official patch is released.
- The vulnerability affects on-premises SharePoint Servers but not SharePoint Online.
- Organizations should investigate signs of compromise, rotate secrets, and seek expert help if needed.