Cybercriminals linked to the Chinese government are exploiting a SharePoint zero-day vulnerability chain called "ToolShell" to breach organizations worldwide. Multiple threat actors are actively targeting and exploiting CVE-2025-49706 and CVE-2025-49704, prompting urgent patches from Microsoft and security agencies. #ToolShell #CVE-2025-49706 #CVE-2025-49704
Key points
- Hackers with ties to the Chinese government are exploiting recent SharePoint vulnerabilities.
- The "ToolShell" exploit chain is used to breach on-premises SharePoint servers globally.
- At least 54 organizations, including government and multinational companies, have been compromised.
- Microsoft and security agencies have issued emergency patches for affected SharePoint versions.
- A proof-of-concept exploit for CVE-2025-53770 has been made available, increasing the threat scope.