Two critical-severity, zero-day remote code execution vulnerabilities in Microsoft SharePoint (CVE-2025-53770 and CVE-2025-53771) have been actively exploited since July 18, 2025 to run malicious code remotely without user interaction. Eye Security discovered that they were already being exploited before they were disclosed to the security community.
These vulnerabilities bypass the security fix for CVE-2025-49704 and CVE-2025-49706, which Microsoft patched earlier this month.
Microsoft has released emergency updates for SharePoint 2019 and Subscription Edition; however, no patch is available for SharePoint Enterprise Server 2016 at this time. Apply these patches immediately. If you are running affected versions, limit internet exposure, check for signs of compromise, and rotate credentials.
See the resource center.
Status
Research started July 21, 2025, and initial detections are expected July 22, 2025.