Microsoft SharePoint servers are facing a critical threat from a zero-day vulnerability, identified as CVE-2025-53770. This flaw allows attackers to install backdoors and gain full control over vulnerable on-premises SharePoint Servers by exploiting security keys. While a patch is not yet available, Microsoft advises users to enable Antimalware Scan Interface (AMSI) integration and deploy Defender AV to mitigate risks. The vulnerability, stemming from the deserialization of untrusted data, affects SharePoint Server 2019, SharePoint Enterprise Server 2016, and SharePoint Server Subscription Edition. SharePoint Online users are not at risk. The attack, which has been active since mid-July, involves a stealthy ASPX file designed to extract cryptographic secrets, turning authenticated requests into remote code execution opportunities. Organizations are urged to check for signs of compromise and take immediate action if affected. Microsoft has released updates for certain SharePoint versions to address the issue, and CISA has instructed US federal agencies to implement mitigations promptly. The breach has impacted various sectors, including government, energy, and academia, highlighting the urgent need for vigilance and security measures.
Are Microsoft SharePoint servers vulnerable to a new zero-day attack?
