
Microsoft Issues Emergency Fix for SharePoint Zero-Day

Encourages customers to apply these updates immediately to ensure they’re protected.

Microsoft has released security updates that fully protect customers using all supported versions of SharePoint affected by the zero-day vulnerabilities.

The vulnerabilities are tracked as CVE-2025-53770 and CVE-2025-53771, and the company said customers should apply these updates immediately to ensure they’re protected. “These vulnerabilities apply to on-premises SharePoint Servers only; SharePoint Online in Microsoft 365 is not impacted.”

In an update, Microsoft said it is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update.

“Customers using SharePoint Subscription Edition, SharePoint 2019, or SharePoint 2016 should apply the security updates provided in CVE-2025-53770 & CVE-2025-53771 immediately to mitigate the vulnerability.”

Following disclosures about the 9.8-rated flaw, warnings were made about its severity. Lorri Janssen-Anessi, director of external cyber assessments at BlueVoyant, said that the potential impact of this vulnerability is severe, including full system compromise, data exfiltration, and the deployment of additional malware.

“This is not a ‘patch and forget’ situation; any on-premises SharePoint server must be treated as a potential enterprise-wide compromise vector until verified and secured.”


Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
