Microsoft Patches Critical SharePoint Vulnerability Under Active Attack
Microsoft has rushed out an emergency patch for a critical vulnerability in its SharePoint Server, following reports of active exploitation by cybercriminals. The Cybersecurity & Infrastructure Security Agency (CISA) has confirmed that this new flaw, CVE-2025-53770, is a variant of a previously patched issue, CVE-2025-49706.
The Washington Post has revealed that U.S. federal agencies, universities, and energy companies have fallen victim to breaches exploiting this SharePoint vulnerability. Eye Security researchers discovered dozens of servers compromised by the flaw and infected with a backdoor called 'ToolShell' on July 18, 2025. Microsoft has issued updates for SharePoint Server Subscription Edition and SharePoint Server 2019, but work on patches for older versions is ongoing. Notably, SharePoint Online and Microsoft 365 are unaffected by this vulnerability.
CISA advises vulnerable organizations to enable Advanced Malware Scanning Interface (AMSI), deploy Microsoft Defender Antivirus, and disconnect affected products from the internet until the official patch is available. ToolShell allows attackers to gain unauthenticated, remote access to compromised servers, enabling them to access SharePoint content and execute code over the network.
Microsoft Corp. has issued an emergency security update for the vulnerability (CVE-2025-53770) that is actively being exploited. While specific affected organizations in Germany remain undisclosed, over 100 companies worldwide, including universities, energy firms, and telecommunications providers, have been advised to patch their on-premises SharePoint Server instances following active exploitation reports from July 2025.
Read also:
- InformationWarfare in the Modern Era: Enhancing an Information Strategy for today's Battlefield and Botnet Threats
- Ukraine's Drone Revolution: Rapid Evolution and Countermeasures
- EU's Energy Infrastructure Under Siege: Cyber Attacks Surge 67% in 2025
- Vito Schnabel's Art & Real Estate Fortune Tops €10.4M
