Tag

CVE-2025-53770

All articles tagged with #cve 2025 53770

technology | 8 months ago

Microsoft Addresses SharePoint Zero-Day Exploits Impacting Global Entities

Microsoft released an emergency security update for a SharePoint Server vulnerability (CVE-2025-53770) actively exploited by hackers to breach organizations, including U.S. federal agencies, with attackers installing a backdoor called ToolShell for remote access. Organizations are advised to implement immediate security measures and not wait for official patches, as the threat is spreading rapidly.

security | 8 months ago

Microsoft Warns of Active Exploitation of Critical SharePoint Zero-Day Vulnerability

CISA warns of active exploitation of a new SharePoint remote code execution vulnerability (CVE-2025-53770), which allows unauthorized access and full control over SharePoint content. Organizations are advised to implement recommended security measures such as enabling AMSI, deploying Microsoft Defender, monitoring for suspicious activity, and applying official patches to mitigate risks. The vulnerability has been added to CISA’s KEV catalog, and incident reporting is encouraged.

technology | 8 months ago

Microsoft Warns of Active Zero-Day SharePoint Exploit Affecting 75+ Companies

Microsoft SharePoint servers are currently under a widespread attack exploiting a critical vulnerability (CVE-2025-53770) with no available patch, allowing attackers to gain control without authentication, potentially leading to data theft and lateral movement across networks. Microsoft is working on a fix, and users are advised to implement mitigations such as enabling antimalware and disconnecting servers from the internet if possible.

security | 8 months ago

Critical SharePoint Zero-Day Exploited in 75+ Organizations

A critical zero-day vulnerability in Microsoft SharePoint Server, CVE-2025-53770, is actively being exploited in large-scale attacks, breaching over 75 organizations worldwide. Microsoft is working on a fix, but until then, recommended mitigations include enabling AMSI integration and deploying Defender AV. The attack chain involves delivering ASPX payloads via PowerShell to steal server keys, enabling remote code execution and persistent access.