6.5
MEDIUM
CVE-2025-53771
Microsoft Office SharePoint Path Traversal Spoofing
Description

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

INFO

Published Date :

July 20, 2025, 11:15 p.m.

Last Modified :

Aug. 14, 2025, 5:29 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]
Affected Products

The following products are affected by CVE-2025-53771 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Microsoft sharepoint_server
2 Microsoft sharepoint_server_2016
3 Microsoft sharepoint_server_2019
: Total Affected Vendor : 1 | Products : 3
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 MEDIUM [email protected]
Public PoC/Exploit Available at Github

CVE-2025-53771 has a 11 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-53771.

URL Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771 Vendor Advisory
https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/ Press/Media Coverage
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-53771 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-53771 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
ghostn4444/CVE-2025-53770

CVE-2025-53770 - SharePoint

Updated: 23 hours, 52 minutes ago
0 stars 0 fork 0 watcher
Born at : Aug. 14, 2025, 8:57 a.m. This repo has been linked 4 different CVEs too.
Profile Photo
UnHackerEnCapital/RiCharEpoint

SharePoint 2025 RCE Exploitation GUI

Python Ruby

Updated: 6 days, 13 hours ago
1 stars 1 fork 1 watcher
Born at : Aug. 8, 2025, 5:40 p.m. This repo has been linked 4 different CVEs too.
Profile Photo
kharonsec/pentest_toolkit

A comprehensive penetration testing framework with a modular architecture for security researchers, penetration testers, and ethical hackers.

Python Shell

Updated: 6 days, 18 hours ago
0 stars 0 fork 0 watcher
Born at : Aug. 8, 2025, 2:10 p.m. This repo has been linked 3 different CVEs too.
Profile Photo
unk9vvn/sharepoint-toolpane

Sharepoint ToolPane - PoC

sharepoint zeroday cve-2025-53770 cve-2025-53771

Python

Updated: 2 weeks, 2 days ago
4 stars 1 fork 1 watcher
Born at : July 26, 2025, 10:54 a.m. This repo has been linked 2 different CVEs too.
Profile Photo
haKC-ai/panhandlr

#AI powered OSINT pipeline that automates the transformation of Google Dorks into actionable threat intelligence and structured STIX 2.1 reports.

Python Shell

Updated: 3 weeks, 1 day ago
1 stars 0 fork 0 watcher
Born at : July 24, 2025, 3:16 a.m. This repo has been linked 2 different CVEs too.
Profile Photo
zach115th/ToolShellFinder

Scans Windows IIS logs for signs of CVE-2025-53770 & CVE-2025-53771

PowerShell

Updated: 1 week, 2 days ago
0 stars 1 fork 1 watcher
Born at : July 23, 2025, 11:43 p.m. This repo has been linked 2 different CVEs too.
Profile Photo
Salehswt/SharePoint-CVEs-Hunter

None

PowerShell

Updated: 3 weeks, 2 days ago
0 stars 0 fork 0 watcher
Born at : July 22, 2025, 9:54 p.m. This repo has been linked 4 different CVEs too.
Profile Photo
Sec-Dan/CVE-2025-53770-Scanner

A Python-based reconnaissance scanner for safely identifying potential exposure to SharePoint vulnerability CVE-2025-53770.

blueteam cve cve-2025-53770 infosec osint pentest reconnaissance security-tool sharepoint sharepoint-2016 vulnerability

Python

Updated: 3 weeks, 2 days ago
1 stars 1 fork 1 watcher
Born at : July 22, 2025, 7:17 p.m. This repo has been linked 2 different CVEs too.
Profile Photo
a-hydrae/ToolShell-Honeypot

Honeypot for CVE-2025-53770 aka ToolShell

Python Shell YARA

Updated: 2 weeks, 6 days ago
0 stars 1 fork 1 watcher
Born at : July 22, 2025, 1:44 p.m. This repo has been linked 4 different CVEs too.
Profile Photo
inverzeio/media

Interviews and appearances in social media

Updated: 3 weeks, 1 day ago
0 stars 0 fork 0 watcher
Born at : Jan. 14, 2024, 4:41 p.m. This repo has been linked 3 different CVEs too.
Profile Photo
giterlizzi/secdb-feeds

SecDB - Security Feeds

cve security-feeds vulnerability

Updated: 5 days, 19 hours ago
0 stars 0 fork 0 watcher
Born at : July 1, 2022, 8:37 p.m. This repo has been linked 102 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-53771 vulnerability anywhere in the article.

  • CybersecurityNews
Qilin Ransomware Leads The Attack Landscape With 70+ Claimed Victims in July

The ransomware threat landscape witnessed a concerning surge in July 2025, with the Qilin ransomware group maintaining its dominant position for the third time in four months. The group successfully c ... Read more

Published Date: Aug 14, 2025 (9 hours, 13 minutes ago)
  • Help Net Security
Microsoft fixes “BadSuccessor” Kerberos vulnerability (CVE-2025-53779)

For August 2025 Patch Tuesday, Microsoft has released security updates resolving 100+ security vulnerabilities in its various solutions, including a relative path traversal flaw in Windows Kerberos (C ... Read more

Published Date: Aug 13, 2025 (1 day, 20 hours ago)
  • Help Net Security
August 2025 Patch Tuesday forecast: Try, try, again

July turned into a surprisingly busy month. It started slowly with a fairly ‘calm’ Patch Tuesday as I forecasted in my last blog. Although there were 130 new CVEs addressed across all the Microsoft re ... Read more

Published Date: Aug 08, 2025 (1 week ago)
  • The Register
CISA releases malware analysis for Sharepoint Server attack

CISA has published a malware analysis report with compromise indicators and Sigma rules for "ToolShell" attacks targeting specific Microsoft SharePoint Server versions. "Cyber threat actors have chain ... Read more

Published Date: Aug 07, 2025 (1 week ago)
  • security.nl
VS deelt informatie over malware aangetroffen bij SharePoint-aanvallen

Het Amerikaanse cyberagentschap CISA heeft informatie gedeeld over malware die bij recente aanvallen tegen Microsoft SharePoint-servers is aangetroffen. Met de informatie kunnen organisaties kijken of ... Read more

Published Date: Aug 07, 2025 (1 week ago)
  • Daily CyberSecurity
CISA Warns of “ToolShell”: Critical Exploit Chain Hits SharePoint Servers, Bypasses Authentication

The Cybersecurity and Infrastructure Security Agency (CISA) has released an in-depth Malware Analysis Report warning of a sophisticated exploitation campaign targeting on-premises Microsoft SharePoint ... Read more

Published Date: Aug 07, 2025 (1 week, 1 day ago)
  • CybersecurityNews
Chinese Hackers Exploit SharePoint Vulnerabilities to Deploy Toolsets Includes Backdoor, Ransomware and Loaders

A sophisticated Chinese threat actor has been exploiting critical vulnerabilities in Microsoft SharePoint to deploy an advanced malware toolset dubbed “Project AK47,” according to new research publish ... Read more

Published Date: Aug 06, 2025 (1 week, 1 day ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Aug 05, 2025 (1 week, 2 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Aug 05, 2025 (1 week, 3 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Aug 04, 2025 (1 week, 3 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Aug 04, 2025 (1 week, 3 days ago)
  • BleepingComputer
Ransomware gangs join attacks targeting Microsoft SharePoint servers

Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader exploitation campaign that has already led to the breach of at least 148 o ... Read more

Published Date: Aug 04, 2025 (1 week, 3 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Aug 04, 2025 (1 week, 3 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Aug 04, 2025 (1 week, 4 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Aug 04, 2025 (1 week, 4 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Aug 04, 2025 (1 week, 4 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Aug 03, 2025 (1 week, 4 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Aug 03, 2025 (1 week, 4 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Aug 03, 2025 (1 week, 4 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Aug 03, 2025 (1 week, 4 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Aug 03, 2025 (1 week, 5 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Aug 02, 2025 (1 week, 5 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Aug 02, 2025 (1 week, 5 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Aug 02, 2025 (1 week, 6 days ago)
  • CybersecurityNews
Storm-2603 Using Custom Malware That Leverages BYOVD to Tamper with Endpoint Protections

A newly identified threat actor designated Storm-2603 has emerged as a sophisticated adversary in the ransomware landscape, leveraging advanced custom malware to circumvent endpoint security protectio ... Read more

Published Date: Aug 02, 2025 (1 week, 6 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Aug 01, 2025 (1 week, 6 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Aug 01, 2025 (1 week, 6 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Aug 01, 2025 (1 week, 6 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Aug 01, 2025 (1 week, 6 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Aug 01, 2025 (1 week, 6 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Aug 01, 2025 (2 weeks ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Aug 01, 2025 (2 weeks ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 31, 2025 (2 weeks ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 31, 2025 (2 weeks ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 31, 2025 (2 weeks ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 31, 2025 (2 weeks ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 31, 2025 (2 weeks ago)
  • AttackIQ
Response to CISA Alert: Microsoft Releases Guidance on Exploitation of SharePoint Vulnerabilities

On July 8, 2025, vulnerabilities CVE-2025-49704 (Remote Code Execution) and CVE-2025-49706 (Network Spoofing), affecting on-premises Microsoft SharePoint servers, were officially reported. On the same ... Read more

Published Date: Jul 30, 2025 (2 weeks, 1 day ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 30, 2025 (2 weeks, 1 day ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 30, 2025 (2 weeks, 1 day ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 30, 2025 (2 weeks, 1 day ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 30, 2025 (2 weeks, 1 day ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 30, 2025 (2 weeks, 2 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 29, 2025 (2 weeks, 2 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 29, 2025 (2 weeks, 2 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 29, 2025 (2 weeks, 3 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 29, 2025 (2 weeks, 3 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 28, 2025 (2 weeks, 3 days ago)
  • CybersecurityNews
New “ToolShell” Exploit Chain Attacking SharePoint Servers to Gain Complete Control

A critical new threat targeting Microsoft SharePoint servers through a sophisticated exploit chain dubbed “ToolShell.” This multi-stage attack combines previously patched vulnerabilities with fresh ze ... Read more

Published Date: Jul 28, 2025 (2 weeks, 3 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 28, 2025 (2 weeks, 4 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 28, 2025 (2 weeks, 4 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 28, 2025 (2 weeks, 4 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 28, 2025 (2 weeks, 4 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 27, 2025 (2 weeks, 4 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 27, 2025 (2 weeks, 4 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 27, 2025 (2 weeks, 5 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 26, 2025 (2 weeks, 5 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 26, 2025 (2 weeks, 5 days ago)
  • The Register
Blame a leak for Microsoft SharePoint attacks, researcher insists

A week after Microsoft told the world that its July software updates didn't fully fix a couple of bugs, which allowed miscreants to take over on-premises SharePoint servers and remotely execute code, ... Read more

Published Date: Jul 26, 2025 (2 weeks, 5 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 26, 2025 (2 weeks, 5 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 26, 2025 (2 weeks, 6 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 26, 2025 (2 weeks, 6 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 26, 2025 (2 weeks, 6 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 26, 2025 (2 weeks, 6 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 25, 2025 (2 weeks, 6 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 25, 2025 (2 weeks, 6 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 25, 2025 (2 weeks, 6 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 25, 2025 (2 weeks, 6 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 25, 2025 (2 weeks, 6 days ago)
  • SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 30

The Good | Authorities Dismantle XSS.is Cybercrime Forum & Release Free Phobos/8Base Decryptor After a 12-year long run, XSS[.]is (formerly DaMaGeLaB) faced major disruptions this week with the arrest ... Read more

Published Date: Jul 25, 2025 (2 weeks, 6 days ago)
  • SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 30

The Good | Authorities Dismantle XSS.is Cybercrime Forum & Release Free Phobos/8Base Decryptor After a 12-year long run, XSS[.]is (formerly DaMaGeLaB) faced major disruptions this week with the arrest ... Read more

Published Date: Jul 25, 2025 (2 weeks, 6 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 25, 2025 (2 weeks, 6 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 25, 2025 (3 weeks ago)
  • CybersecurityNews
Hackers Exploiting Sharepoint 0-day Vulnerability to Deploy Warlock Ransomware

Microsoft has issued urgent warnings about active exploitation of critical SharePoint vulnerabilities CVE-2025-53770 and CVE-2025-53771 by multiple threat actors, including the China-based group Storm ... Read more

Published Date: Jul 25, 2025 (3 weeks ago)
  • Kaspersky
ToolShell: a story of five vulnerabilities in Microsoft SharePoint

On July 19–20, 2025, various security companies and national CERTs published alerts about active exploitation of on-premise SharePoint servers. According to the reports, observed attacks did not requi ... Read more

Published Date: Jul 25, 2025 (3 weeks ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 25, 2025 (3 weeks ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 25, 2025 (3 weeks ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 25, 2025 (3 weeks ago)
  • CybersecurityNews
SharePoint 0-day Vulnerability Exploited in Wild by All Sorts of Hacker Groups

A critical zero-day vulnerability in Microsoft SharePoint servers has become a playground for threat actors across the cybercriminal spectrum, with attacks ranging from opportunistic hackers to sophis ... Read more

Published Date: Jul 24, 2025 (3 weeks ago)
  • The Register
Microsoft: SharePoint attacks now officially include ransomware infections

Ransomware has officially entered the Microsoft SharePoint exploitation ring. Late Wednesday, in an update to its earlier warning, Redmond confirmed that a threat group it tracks as Storm-2603 is abus ... Read more

Published Date: Jul 24, 2025 (3 weeks ago)
  • Help Net Security
Storm-2603 spotted deploying ransomware on exploited SharePoint servers

One of the groups that, in the past few weeks, has been exploiting vulnerabilities in on-prem SharePoint installation has been observed deploying Warlock ransomware, Microsoft shared on Wednesday. Fir ... Read more

Published Date: Jul 24, 2025 (3 weeks ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 24, 2025 (3 weeks ago)
  • Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Brave Browser Blocks Microsoft Recall from Tracking Online Activity

Brave browser has announced a new privacy measure, automatically blocking Microsoft’s controversial Recall feature from taking screenshots of browsing activity. This move, implemented in version 1.81 ... Read more

Published Date: Jul 24, 2025 (3 weeks ago)
  • The Cyber Express
Chinese Hackers Now Exploiting SharePoint Zero-Days to Deploy Warlock Ransomware: MSFT

Microsoft Threat Intelligence in an updated warning said that China-based hackers, which it tracks as Storm-2603, has quickly pivoted and now exploiting unpatched on-premise SharePoint systems to depl ... Read more

Published Date: Jul 24, 2025 (3 weeks ago)
  • CybersecurityNews
Metasploit Module Released For Actively Exploited SharePoint 0-Day Vulnerabilities

Researchers have developed a new Metasploit exploit module targeting critical zero-day vulnerabilities in Microsoft SharePoint Server that are being actively exploited in the wild. The module, designa ... Read more

Published Date: Jul 24, 2025 (3 weeks ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 24, 2025 (3 weeks ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 24, 2025 (3 weeks, 1 day ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 24, 2025 (3 weeks, 1 day ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 24, 2025 (3 weeks, 1 day ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 24, 2025 (3 weeks, 1 day ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 23, 2025 (3 weeks, 1 day ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 23, 2025 (3 weeks, 1 day ago)
  • The Register
Microsoft SharePoint victim count hits 400+ orgs in ongoing attacks

More than 400 organizations have been compromised in the Microsoft SharePoint attack, according to Eye Security, which initially sounded the alarm on the mass exploitation last Friday, even before Red ... Read more

Published Date: Jul 23, 2025 (3 weeks, 1 day ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 23, 2025 (3 weeks, 1 day ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 23, 2025 (3 weeks, 1 day ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 23, 2025 (3 weeks, 1 day ago)
  • CybersecurityNews
CISA Warns of Chinese Hackers Exploiting SharePoint 0-Day Flaws in Active Exploitation

CISA has issued an urgent alert regarding active exploitation of critical Microsoft SharePoint vulnerabilities by suspected Chinese threat actors. The attack campaign, dubbed “ToolShell,” leverages a ... Read more

Published Date: Jul 23, 2025 (3 weeks, 1 day ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 23, 2025 (3 weeks, 1 day ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 23, 2025 (3 weeks, 2 days ago)
  • CybersecurityNews
Chinese Hackers Actively Exploiting SharePoint Servers 0-Day Flaw in the Wild

Microsoft has confirmed that Chinese state-sponsored threat actors are actively exploiting critical zero-day vulnerabilities in on-premises SharePoint servers, prompting urgent security warnings for o ... Read more

Published Date: Jul 23, 2025 (3 weeks, 2 days ago)
  • The Hacker News
CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks

Jul 23, 2025Ravie LakshmananVulnerability / Threat Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-497 ... Read more

Published Date: Jul 23, 2025 (3 weeks, 2 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Widespread SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 22, 2025 (3 weeks, 2 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Widespread SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 22, 2025 (3 weeks, 2 days ago)
  • Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Microsoft Reveals Chinese State Hackers Exploiting SharePoint Flaws

Microsoft’s critical new update reveals that specific Chinese nation-state threat groups are actively exploiting vulnerabilities in its on-premises SharePoint servers. Following an earlier report from ... Read more

Published Date: Jul 22, 2025 (3 weeks, 2 days ago)
  • The Register
Surprise, surprise: Chinese spies, IP stealers, other miscreants attacking Microsoft SharePoint servers

At least three Chinese groups are attacking on-premises SharePoint servers via a couple of recently disclosed Microsoft bugs, according to Redmond. Two of the crews behind the zero-day attacks are gov ... Read more

Published Date: Jul 22, 2025 (3 weeks, 2 days ago)
  • The Cloudflare Blog
Cloudflare protects against critical SharePoint vulnerability, CVE-2025-53770

2025-07-223 min readOn July 19, 2025, Microsoft disclosed CVE-2025-53770, a critical zero-day Remote Code Execution (RCE) vulnerability. Assigned a CVSS 3.1 base score of 9.8 (Critical), the vulnerabi ... Read more

Published Date: Jul 22, 2025 (3 weeks, 2 days ago)
  • cybereason.com
CVE-2025-53770 & CVE-2025-53771: Critical On-Prem SharePoint Vulnerabilities

Cybereason is actively investigating exploitation of these vulnerabilities. Check the Cybereason blog for additional updates. Key Takeaways Two zero-day vulnerabilities discovered in on-premise Micros ... Read more

Published Date: Jul 22, 2025 (3 weeks, 2 days ago)
  • The Hacker News
Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacker Groups

Jul 22, 2025Ravie LakshmananVulnerability / Threat Intelligence Microsoft has formally tied the exploitation of security flaws in internet-facing SharePoint Server instances to two Chinese hacking g ... Read more

Published Date: Jul 22, 2025 (3 weeks, 2 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Widespread SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 22, 2025 (3 weeks, 2 days ago)
  • Help Net Security
Microsoft pins on-prem SharePoint attacks on Chinese threat actors

As Microsoft continues to update its customer guidance for protecting on-prem SharePoint servers against the latest in-the-wild attacks, more security firms have begun sharing details about the ones t ... Read more

Published Date: Jul 22, 2025 (3 weeks, 2 days ago)
  • The Register
Microsoft patches critical SharePoint 2016 zero-days amid active exploits

Microsoft has good news for administrators running SharePoint Server 2016. The cloud and software megacorp has published updates to close a gaping hole in the document management service. What's parti ... Read more

Published Date: Jul 22, 2025 (3 weeks, 2 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Widespread SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 22, 2025 (3 weeks, 2 days ago)
  • security.nl
Microsoft: meerdere statelijke actoren misbruiken SharePoint-lekken

Meerder statelijke actoren maken actief misbruik van kwetsbaarheden in SharePoint, zo claimt Microsoft vandaag. De aanvallen zouden mogelijk al sinds 7 juli plaatsvinden. Daarbij werd in eerste instan ... Read more

Published Date: Jul 22, 2025 (3 weeks, 2 days ago)
  • Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Hackers Exploit Microsoft SharePoint Flaws in Global Breaches

New information has emerged regarding ongoing cyberattacks against Microsoft’s on-premises SharePoint servers, revealing a wider impact than initially understood. Yesterday, Hackread.com reported on M ... Read more

Published Date: Jul 22, 2025 (3 weeks, 2 days ago)
  • BleepingComputer
Microsoft Sharepoint ToolShell attacks linked to Chinese hackers

Several hacking groups with ties to the Chinese government have been linked to a recent wave of widespread attacks targeting a Microsoft SharePoint zero-day vulnerability chain. They used this exploit ... Read more

Published Date: Jul 22, 2025 (3 weeks, 2 days ago)
  • The Hacker News
Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

The recently disclosed critical Microsoft SharePoint vulnerability has been under exploitation as early as July 7, 2025, according to findings from Check Point Research. The cybersecurity company said ... Read more

Published Date: Jul 22, 2025 (3 weeks, 3 days ago)
  • CrowdStrike.com
CrowdStrike Detects and Blocks Widespread SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

Published Date: Jul 22, 2025 (3 weeks, 3 days ago)
  • CybersecurityNews
Microsoft Releases Mitigations and Threat Hunting Queries for SharePoint Zero-Day

Thousands of organizations worldwide face active cyberattacks targeting Microsoft SharePoint servers through two critical vulnerabilities, prompting urgent government warnings and emergency patches. M ... Read more

Published Date: Jul 22, 2025 (3 weeks, 3 days ago)
  • Trend Micro
Proactive Security and Insights for SharePoint Attacks (CVE-2025-53770 and CVE-2025-53771)

Exploits & Vulnerabilities CVE-2025-53770 and CVE-2025-53771 are vulnerabilities in on-premise Microsoft SharePoint Servers that evolved from previously patched flaws, allowing unauthenticated remote ... Read more

Published Date: Jul 22, 2025 (3 weeks, 3 days ago)
  • SentinelOne
More From Our Main Blog: SharePoint ToolShell | Zero-Day Exploited in-the-Wild Targets Enterprise Servers

On July 19th, Microsoft confirmed that a 0-day vulnerability impacting on-premises Microsoft SharePoint Servers, dubbed “ToolShell” (by researcher Khoa Dinh @_l0gg), was being actively exploited in th ... Read more

Published Date: Jul 21, 2025 (3 weeks, 3 days ago)
  • SentinelOne
More From Our Main Blog: SharePoint ToolShell | Zero-Day Exploited in-the-Wild Targets Enterprise Servers

On July 19th, Microsoft confirmed that a 0-day vulnerability impacting on-premises Microsoft SharePoint Servers, dubbed “ToolShell” (by researcher Khoa Dinh @_l0gg), was being actively exploited in th ... Read more

Published Date: Jul 21, 2025 (3 weeks, 3 days ago)
  • Ars Technica
SharePoint vulnerability with 9.8 severity rating under exploit across globe

ASSUME COMPROMISE Ongoing attacks are allowing hackers to steal credentials giving privileged access. Authorities and researchers are sounding the alarm over the active mass exploitation of a high-sev ... Read more

Published Date: Jul 21, 2025 (3 weeks, 3 days ago)
  • krebsonsecurity.com
Microsoft Fix Targets Attacks on SharePoint Zero-Day

On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch come ... Read more

Published Date: Jul 21, 2025 (3 weeks, 3 days ago)
  • Kaspersky
Update Microsoft SharePoint ASAP | Kaspersky official blog

Unknown malefactors are actively attacking companies that use SharePoint Server 2016, SharePoint Server 2019 and SharePoint Server Subscription Edition. By exploiting a chain of two vulnerabilities – ... Read more

Published Date: Jul 21, 2025 (3 weeks, 3 days ago)
  • Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Microsoft Confirms Hackers Exploiting SharePoint Flaws, Patch Now

Microsoft has released new security updates to fix two serious vulnerabilities affecting on-premises SharePoint servers, warning that attackers are already exploiting them in active campaigns. The vul ... Read more

Published Date: Jul 21, 2025 (3 weeks, 3 days ago)
  • The Register
Microsoft patches under-attack SharePoint 2019 and SE

Microsoft is releasing out-of-band security updates for SharePoint Server 2019 and SharePoint Server Subscription Edition, following a warning that vulnerable versions were now under attack. If AMSI c ... Read more

Published Date: Jul 21, 2025 (3 weeks, 3 days ago)
  • CybersecurityNews
Microsoft Released Emergency Security Update to Patch Critical SharePoint 0-Day Vulnerability

Microsoft has issued an urgent security advisory addressing critical zero-day vulnerabilities in on-premises SharePoint Server that attackers are actively exploiting. The vulnerabilities, assigned as ... Read more

Published Date: Jul 21, 2025 (3 weeks, 4 days ago)
  • security.nl
NCSC en Microsoft waarschuwen voor actief misbruik van SharePoint-lek

maandag 21 juli 2025, 09:24 door Redactie, 18 reactiesLaatst bijgewerkt: Gisteren, 16:40 Het Nationaal Cyber Security Centrum (NCSC), Microsoft en het Amerikaanse cyberagentschap CISA waarschuwen voor ... Read more

Published Date: Jul 21, 2025 (3 weeks, 4 days ago)
  • The Cyber Express
Zero-Day Vulnerability Hits Microsoft SharePoint, Urgent Patch Issued

Microsoft has issued a warning about active cyberattacks targeting on-premises SharePoint servers widely used by government agencies and businesses. The cyberattacks exploit a zero-day vulnerability t ... Read more

Published Date: Jul 21, 2025 (3 weeks, 4 days ago)
  • BleepingComputer
Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks

Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in "ToolShell" attac ... Read more

Published Date: Jul 21, 2025 (3 weeks, 4 days ago)
  • The Hacker News
Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks

Microsoft on Sunday released security patches for an actively exploited security flaw in SharePoint and also released details of another vulnerability that it said has been addressed with "more robust ... Read more

Published Date: Jul 21, 2025 (3 weeks, 4 days ago)
  • The Register
Microsoft patches failed to fix on-prem SharePoint, which is now under zero-day attack

Infosec In Brief Microsoft has warned users of SharePoint Server that three on-prem versions of the product include a zero-day flaw that is under attack – and that its own failure to completely fix pa ... Read more

Published Date: Jul 21, 2025 (3 weeks, 4 days ago)

The following table lists the changes that have been made to the CVE-2025-53771 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Aug. 14, 2025

    Action Type Old Value New Value
    Added CPE Configuration OR *cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:* *cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* *cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:* versions up to (excluding) 16.0.18526.20508
    Added Reference Type Microsoft Corporation: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771 Types: Vendor Advisory
    Added Reference Type CVE: https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/ Types: Press/Media Coverage
  • CVE Modified by [email protected]

    Jul. 31, 2025

    Action Type Old Value New Value
    Changed Description Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
  • CVE Modified by [email protected]

    Jul. 22, 2025

    Action Type Old Value New Value
    Changed Description Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
    Removed CVSS V3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
    Added CWE CWE-287
    Removed CWE CWE-22
    Removed CWE CWE-20
    Removed CWE CWE-707
  • CVE Modified by [email protected]

    Jul. 21, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
    Removed CVSS V3.1 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Jul. 21, 2025

    Action Type Old Value New Value
    Added Reference https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/
  • New CVE Received by [email protected]

    Jul. 20, 2025

    Action Type Old Value New Value
    Added Description Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
    Added CVSS V3.1 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
    Added CWE CWE-22
    Added CWE CWE-20
    Added CWE CWE-707
    Added Reference https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 6.5
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact