Microsoft SharePoint zero-day exploited in RCE attacks

The global zero-day vulnerability targeting Microsoft SharePoint Server, along with Microsoft’s latest advisory and the release of an emergency patch.

Microsoft users face yet another serious security threat—this time impacting on-premises SharePoint Server environments. Unlike recent Outlook-based threats or browser-related exploits, this zero-day vulnerability—CVE-2025-53770—has no straightforward fix. Prior to the emergency patch release, there was no available update to mitigate the issue, putting organizations at immediate risk.

According to security analysts, the vulnerability is already being actively exploited in mass-scale attacks, compromising SharePoint servers worldwide. If your organization relies on Microsoft SharePoint Server, it is critical to take immediate action. Here's what you need to know—and the urgent steps to protect your infrastructure.

Critical zero-day vulnerabilities in Microsoft SharePoint, tracked as CVE-2025-53770 and CVE-2025-53771, have been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide. Microsoft Confirms Global SharePoint Attack — Emergency Update Issued.

Microsoft has issued emergency security updates addressing two critical vulnerabilities—CVE-2025-53770 and CVE-2025-53771—affecting SharePoint Subscription Edition and SharePoint Server 2019. “Customers should apply these updates immediately to ensure they’re protected,” the company urged in its latest advisory.

Confirmed Attacks on Microsoft SharePoint Server (CVE-2025-53770)

Security concerns continue to mount. Following widespread reports of Prime account breaches affecting 220 million Amazon users and false alarms around Ring doorbell hacks, a very real and serious threat has emerged for Microsoft users. CVE-2025-53770—a zero-day vulnerability targeting SharePoint Server—has been confirmed as under active, large-scale exploitation globally.

Discovered by experts at Eye Security, the flaw allows attackers to compromise unpatched SharePoint servers. Microsoft has acknowledged the threat, stating it is “aware of active attacks” and initially confirmed that “a patch is currently not available.” However, with today's update, critical fixes are now accessible—bringing much-needed relief for affected organizations.

Immediate patching is strongly recommended to prevent potential compromise. These vulnerabilities apply to on-premises SharePoint Servers only. SharePoint Online in Microsoft 365 is not impacted.

Microsoft has released security updates that fully protect customers using SharePoint Subscription Edition and SharePoint 2019 against the risks posed by CVE-2025-53770, and CVE-2025-53771. Customers should apply these updates immediately to ensure they’re protected. For more: https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/