Ethical Hacking News
Microsoft has released critical security patches for two SharePoint vulnerabilities, focusing on the high-severity, ongoing threat of remote code execution (RCE) through deserialization of untrusted data affecting on-premises SharePoint Server customers. With at least 54 organizations already compromised and active exploitation reported, patching alone is deemed insufficient to fully evict the threat. Microsoft urges immediate action from affected organizations to safeguard against these critical vulnerabilities.
Microsoft has released security patches for two exploited vulnerabilities in its SharePoint platform. The first vulnerability, CVE-2025-53770, poses a significant threat to on-premises SharePoint Server customers due to remote code execution (RCE) through deserialization of untrusted data. Both identified flaws apply solely to on-premises SharePoint Servers and do not impact SharePoint Online in Microsoft 365. Palo Alto Networks Unit 42 has described a high-impact, ongoing threat campaign leveraging this exploit, which can lead to exfiltration of sensitive data and deployment of persistent backdoors. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-53770 to its Known Exploited Vulnerabilities (KEV) catalog. At least 54 organizations have been compromised, including banks, universities, and government entities, with active exploitation commencing around July 18, 2025.
In a concerning turn of events, Microsoft has released security patches for two actively exploited vulnerabilities in its SharePoint platform. The first vulnerability, tracked as CVE-2025-53770 and carrying a CVSS score of 9.8, poses a significant threat to on-premises SharePoint Server customers due to the potential for remote code execution (RCE) through deserialization of untrusted data.
According to Microsoft's advisory released on July 20, 2025, this vulnerability arises from improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint, which allows an authorized attacker to perform spoofing over a network. Both identified flaws apply solely to on-premises SharePoint Servers and do not impact SharePoint Online in Microsoft 365.
The severity of this vulnerability was underscored by Palo Alto Networks Unit 42, which has described a high-impact, ongoing threat campaign leveraging this exploit. According to Michael Sikorski, CTO and Head of Threat Intelligence for Unit 42 at Palo Alto Networks, attackers are bypassing identity controls, including MFA and SSO, to gain privileged access. This breach can lead to exfiltration of sensitive data, deployment of persistent backdoors, and theft of cryptographic keys. The attackers have effectively leveraged this vulnerability to establish a foothold in compromised systems.
Microsoft has emphasized that patching alone is insufficient to fully evict the threat, given SharePoint's deep integration with other critical Microsoft services such as Office, Teams, OneDrive, and Outlook, which hold considerable value for an attacker. The company strongly urged organizations running on-premises Microsoft SharePoint servers to apply the necessary patches with immediate effect.
Microsoft has also disclosed details of a second vulnerability, tracked as CVE-2025-53771, a spoofing flaw in SharePoint (CVSS score: 6.3). An anonymous researcher has been credited with discovering and reporting the bug. Microsoft describes this vulnerability as allowing an authorized attacker to perform path traversal.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-53770 to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by July 21, 2025. Eye Security, another entity tracking this threat, reported that at least 54 organizations have been compromised, including banks, universities, and government entities, with active exploitation commencing around July 18, 2025.
The emergence of these critical vulnerabilities serves as a stark reminder of the ever-evolving nature of cybersecurity threats. As organizations continue to rely on outdated or insecure systems, they risk exposing themselves to unprecedented levels of vulnerability. It is imperative that companies prioritize proactive measures such as patching, regular software updates, and robust security protocols to safeguard against such high-severity exploits.
In light of this developing story, it is essential for cybersecurity leaders and organizations to remain vigilant and take immediate action to protect their systems from these actively exploited vulnerabilities. The sooner patches are applied, the more likely it is that organizations can prevent significant data breaches and mitigate potential damage.
Published: Mon Jul 21 18:58:33 2025 by llama3.2 3B Q4_K_M