- When correcting the defects used, Microsoft may also have introduced new bugs
- The emissions affected several variants on pre-table
- Pirates already exploit them in nature, so users should patcher now
Microsoft has published an urgent correction to correct zero day vulnerability affecting SharePoint servers on site.
Vulnerability is already used in nature, which is why users are invited to apply the patch immediately and secure their assets.
Three Microsoft products would have been affected: SharePoint Server Edition subscription, SharePoint Server 2019 and SharePoint Server 2016. SharePoint Online (Microsoft 365) is not affected.
How to secure your ending points
The vulnerability addressed is described as an deialization of unreliable data in the Microsoft SharePoint server on site, which allows an unauthorized attacker to execute code on a network. It is followed as CVE-2025-53770 and carries a gravity score of 9.8 / 10 (critic).
“Microsoft is aware that a feat for CVE-2025-53770 exists in nature,” said the National Vulnerability Database (NVD) in his opinion.
To secure the termination points, Microsoft immediately recommends applying the security updates of July 2025, as well as the activation of the anti-logical digitization interface (AMSI) for SharePoint and to ensure that the antivirus defender is deployed.
After the AMSI corrective or activation, users must rotate their ASP.NET machine keys, deploy Microsoft Defender for Endpoint to detect post-exploitation activity or move to supported sharepoint versions, if necessary.
The vulnerability was in fact introduced when fixing a pair of bugs which were also exploited in the wild. Follow-up in CVE-2025-49706 and CVE-2025-49704, these two were set in July, but introduced two new faults-CVE-2025-53770 and CVE-2025-53771, a 6.3 / 10 (medium) course bug which allows you to listen to a network.
The new bugs were quickly identified by threat actors and abused in attacks since July 18, with at least 85 apparently affected organizations, including several multinationals and government entities, such as a private university and a private energy operator in California, a health organization of the federal government and a private fintech society in New York.
Via Bleeping Compompute
