Microsoft SharePoint CVE-2025-53770 vulnerability overview

Overview

Microsoft has disclosed a critical zero-day vulnerability in SharePoint Server, tracked as CVE-2025-53770, with a CVSS score of 9.8. This vulnerability is currently being actively exploited, allowing unauthenticated remote code execution (RCE) on unpatched on-premise SharePoint servers. Notably, SharePoint Online (part of Microsoft 365) is not affected.

Microsoft SharePoint CVE-2025-53770 vulnerability overviewMicrosoft SharePoint CVE-2025-53770 vulnerability overview

The Threat


On July 18th, Eye Security reported large-scale exploitation of this vulnerability, dubbed ToolShell, which is being used to compromise on-premise SharePoint servers globally.

Variant of a Recent Bug CVE-2025-53770 is a dangerous variant of CVE-2025-49706, a spoofing vulnerability addressed in Microsoft’s July Patch Tuesday updates. This suggests that attackers are rapidly adapting and building upon previously disclosed vulnerabilities.

Microsoft SharePoint CVE-2025-53770 vulnerability overviewMicrosoft SharePoint CVE-2025-53770 vulnerability overview

Widespread Impact

Over 75 enterprises, including major government agencies and global corporations, have already been affected by these attacks, highlighting the severity of the situation.

Emergency Patch Released Microsoft has released emergency security updates for SharePoint Subscription Edition and SharePoint 2019, while patches for SharePoint Server 2016 are still pending.