

Ethical Hacking News

Microsoft Shares Alarming News as SharePoint Zero-Day Vulnerability Tracked as CVE-2025-53770 Actively Exploited in the Wild



Microsoft has issued a warning about a newly discovered SharePoint zero-day vulnerability (CVE-2025-53770) that is being actively exploited in the wild. This vulnerability allows attackers to execute malicious code on vulnerable servers, highlighting the importance of staying up to date with security patches and configurations. Organizations using on-premises SharePoint servers should take immediate action to protect themselves from exploitation.

  • The newly discovered vulnerability in SharePoint, tracked as CVE-2025-53770, has been actively exploited since July 18, 2025.
  • The vulnerability allows attackers to execute malicious code on vulnerable servers through deserialization of untrusted data.
  • The CVSS score of the flaw is 9.8, indicating its potential severity.
  • Microsoft recommends enabling AMSI integration and deploying Microsoft Defender across all SharePoint Server farms to mitigate the risk.
  • This vulnerability affects only on-premises SharePoint servers and not SharePoint Online in Microsoft 365.
  • Organizations using on-premises servers should take immediate action to patch their systems and implement recommended security configurations.



    Microsoft has recently shared an alarming update regarding a newly discovered vulnerability in its popular collaboration platform, SharePoint. The vulnerability, tracked as CVE-2025-53770, has been actively exploited in the wild since July 18, 2025, with attackers taking advantage of it to execute malicious code on vulnerable servers.

    According to Microsoft's advisory published on July 21, 2025, the flaw is a deserialization of untrusted data in on-premises Microsoft SharePoint Server, which can be exploited by an unauthorized attacker to execute code over a network. This vulnerability has a CVSS (Common Vulnerability Scoring System) score of 9.8, indicating its potential severity.

    The discovery of this zero-day vulnerability was made possible by Viettel Cyber Security in collaboration with Trend Micro's ZDI (Zero-Day Initiative). Microsoft has since acknowledged the exploit and warned its customers that they are under attack.

    To mitigate this risk, Microsoft recommends that customers enable AMSI integration and deploy Microsoft Defender across all SharePoint Server farms. This configuration is believed to provide protection against the newly identified vulnerability. It is essential for organizations using SharePoint to take immediate action and ensure that their systems are protected from exploitation.

    It's worth noting that the CVE-2025-53770 vulnerability is a variant of the CVE-2025-49706 spoofing flaw, which was addressed by Microsoft with the July 2025 Patch Tuesday updates. However, this new vulnerability affects only on-premises SharePoint servers and not SharePoint Online in Microsoft 365.

    Security researchers from Eye Security and Palo Alto Networks have warned about attacks combining two SharePoint flaws, CVE-2025-49706 and CVE-2025-49704, in a chain called "ToolShell." These bugs allow attackers to bypass authentication and run code remotely on vulnerable SharePoint servers. However, the connection between these vulnerabilities is not yet fully understood.

    Microsoft has confirmed that it is preparing a comprehensive update to address this vulnerability but advises customers to take immediate action to protect themselves. In the meantime, organizations should prioritize deploying security patches and configurations recommended by Microsoft to minimize their exposure to potential exploitation.

    The incident highlights the importance of keeping software up to date and regularly monitoring systems for vulnerabilities. As zero-day exploits become increasingly sophisticated, it's crucial that organizations invest in robust security measures to safeguard their networks and data.

    Furthermore, this vulnerability serves as a reminder of the ever-evolving threat landscape and the need for continuous vigilance and cooperation between cybersecurity professionals, researchers, and software vendors to stay ahead of emerging threats.

    Microsoft has emphasized that SharePoint Online in Microsoft 365 is not impacted by this vulnerability. However, organizations using on-premises servers should take immediate action to patch their systems and implement recommended security configurations.

    As the threat landscape continues to evolve, it's essential for organizations to remain vigilant and proactive in protecting themselves against emerging threats like CVE-2025-53770.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Microsoft-Shares-Alarming-News-as-SharePoint-Zero-Day-Vulnerability-Tracked-as-CVE-2025-53770-Actively-Exploited-in-the-Wild-ehn.shtml

  • https://securityaffairs.com/180182/hacking/sharepoint-zero-day-cve-2025-53770-actively-exploited-in-the-wild.html

  • https://nvd.nist.gov/vuln/detail/CVE-2025-53770

  • https://www.cvedetails.com/cve/CVE-2025-53770/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-49706

  • https://www.cvedetails.com/cve/CVE-2025-49706/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-49704

  • https://www.cvedetails.com/cve/CVE-2025-49704/


    Published: Tue Jul 22 12:55:56 2025 by llama3.2 3B Q4_K_M












