#1 Middle East & Africa Trusted Cybersecurity News & Magazine |

Friday, August 22, 2025

US Nuclear Agency Hacked Through Microsoft SharePoint Flaws


Microsoft SharePoint has frequently made headlines, often for negative reasons, because of its involvement in hacking incidents and data breaches. The platform has been repeatedly exploited through both known vulnerabilities and misconfigurations. Most recently, a newly discovered zero-day vulnerability in SharePoint has drawn attention once again. One of the most prominent victims of this exploit is the United States' National Nuclear Security Administration (NNSA), which was targeted in a sophisticated cyberattack. This breach, which leveraged the previously unknown flaw in SharePoint, is considered one of the most serious security incidents impacting critical U.S. defence infrastructure this year.

Netherlands-based cybersecurity firm Eye Security’s research team was the first to identify two critical zero-day vulnerabilities in Microsoft SharePoint (CVE-2025-53770 and CVE-2025-53771) last Friday. The flaws, which were actively being exploited, allow attackers to fully compromise servers, access sensitive data, steal cryptographic material, install backdoors, and move laterally across networks. The vulnerabilities pose serious risks, including data theft, ransomware, and long-term undetected breaches.

Both of these vulnerabilities are extensions of CVE-2025-49706 and CVE-2025-49704, the original flaws in Microsoft SharePoint disclosed by Viettel Cyber Security during Pwn2Own Berlin 2025 as part of a chained attack. These were addressed in the July 2025 Patch Tuesday updates. However, further investigation revealed that the initial patches were incomplete, prompting the release of CVE-2025-53770 and CVE-2025-53771.

Vulnerability Details:

CVE-2025-53770: Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network.
CVE-2025-53771: Improper limitation of a pathname to a restricted directory (‘path traversal’) in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Affected Products:
MS SharePoint Server Subscription Edition
MS SharePoint Server 2019
MS SharePoint Enterprise Server 2016

Link to Microsoft Advisory:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771

Organisations Compromised:

The report revealed that more than 100 organisations around the globe have been breached, spanning various sectors such as government agencies, energy providers, consulting firms, and academic institutions. These cyberattacks have impacted entities across several regions, including the United States, Europe, and the Middle East.

Hacking Groups Involved:

Microsoft has attributed the attacks to three China-linked threat actors: Linen Typhoon, Violet Typhoon and Storm-2603.

Conclusion: The SharePoint vulnerabilities (CVE-2025-53770 and CVE-2025-53771) are critical flaws that allow remote code execution and authentication bypass. Immediate patching is essential to protect systems, as these vulnerabilities are actively being exploited.

To deal with vulnerabilities like those in SharePoint:

Apply Patches Quickly: Ensure timely installation of security updates.

Regular Vulnerability Scanning: Use tools to detect unpatched flaws and conduct penetration tests.

Access Control: Limit user privileges and ensure role-based access.

Network Segmentation & Monitoring: Isolate critical systems and monitor for suspicious activity.

Backup & Incident Response: Regularly back up data and have an updated incident response plan.

Enable MFA: Add multi-factor authentication to enhance account security.

Application Security: Harden SharePoint and use security tools.

Threat Intelligence: Stay informed of emerging risks from trusted sources.
