Over the weekend, Microsoft issued an urgent alert regarding a zero-day vulnerability being actively exploited in on-premises SharePoint servers globally. This flaw, identified as CVE-2025-53770, poses a significant threat to governments and enterprises, allowing attackers to compromise cryptographic keys and maintain access even after servers are patched. In response, Microsoft released a security update early Monday for all SharePoint editions except 2016, addressing both CVE-2025-53770 and a less severe vulnerability, CVE-2025-53771. The U.S. Cybersecurity and Infrastructure Security Agency mandated immediate remediation by federal agencies, adding the bug to its Known Exploited Vulnerabilities catalog. Eye Security first identified the widespread exploitation, observing compromised systems across government, technology, and enterprise sectors. Attackers are bypassing identity controls to gain unauthorized access, exfiltrating data, and deploying persistent threats. Experts warn that patching alone is insufficient, urging organizations with exposed on-prem SharePoint to assume compromise and take comprehensive remediation steps, including rotating compromised cryptographic keys.