Hackers actively exploiting unpatched Microsoft SharePoint vulnerability CVE-2025-53770


Over the last weekend, several cybersecurity companies disclosed new attacks targeting on-premises SharePoint Server customers by exploiting unpatched vulnerabilities. CVE-2025-53770, also known as ToolShell, allows attackers to gain control of SharePoint servers without authentication.

Microsoft is aware of these active attacks and announced that these issues are partially addressed by the July Security Update. It is important to note that these vulnerabilities affect only on-premises SharePoint Servers. Microsoft specifically highlighted that SharePoint Online in Microsoft 365 is not impacted.

Customers can download the July Security Update for Microsoft SharePoint Server Subscription Edition and Microsoft SharePoint Server 2019 using the following links:

While Microsoft is working to release a hotfix that addresses this security vulnerability completely, customers can take the following steps to mitigate the issue:

  • Use supported versions of on-premises SharePoint Server.
  • Apply the latest security updates, including the July 2025 Security Update.
  • Ensure the Antimalware Scan Interface (AMSI) is turned on and configured correctly, with an appropriate antivirus solution such as Microsoft Defender Antivirus.
  • Deploy Microsoft Defender for Endpoint protection or an equivalent endpoint threat solution.
  • Rotate SharePoint Server ASP.NET machine keys.

Microsoft also noted that Microsoft Defender Antivirus can already detect if a server is affected by this vulnerability. Customers can find these threats under the following detection names:

  • Exploit:Script/SuspSignoutReq.A
  • Trojan:Win32/HijackSharePointServer.A
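
A defender-side check for the two detection names above, as an added example that is not from Microsoft or the original article. It assumes an elevated PowerShell session on the SharePoint server with the built-in Defender module available; the 30-day lookback is an arbitrary choice.

```powershell
# Added example: search this server for the Defender detection names listed above.
$names = @(
    'Exploit:Script/SuspSignoutReq.A',
    'Trojan:Win32/HijackSharePointServer.A'
)

# 1. "No detections" only means something if Defender is running and current.
Get-MpComputerStatus |
    Select-Object AntivirusEnabled, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated |
    Format-List

# 2. Threat history: resolve the names to threat IDs, then list each detection.
$hits = @(
    Get-MpThreat |
        Where-Object { $names -contains $_.ThreatName } |
        ForEach-Object {
            $threat = $_
            Get-MpThreatDetection -ThreatID $threat.ThreatID | ForEach-Object {
                [pscustomobject]@{
                    Source     = 'ThreatHistory'
                    Time       = $_.InitialDetectionTime
                    ThreatName = $threat.ThreatName
                    Detail     = $_.Resources -join '; '
                }
            }
        }
)

# 3. Event log: threat history can be cleared, so also read events
#    1116 (threat detected) and 1117 (action taken) from the Defender log.
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'
$hits += @(
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1116, 1117
        StartTime = (Get-Date).AddDays(-30)   # assumed lookback window
    } -ErrorAction SilentlyContinue | ForEach-Object {
        if ($_.Message -match $pattern) {
            [pscustomobject]@{
                Source     = "Event $($_.Id)"
                Time       = $_.TimeCreated
                ThreatName = $Matches[0]
                Detail     = ($_.Message -split "`r?`n")[0]
            }
        }
    }
)

if ($hits) { $hits | Sort-Object Time | Format-Table -AutoSize -Wrap }
else       { 'No matching Defender detections found on this server.' }
```

An empty result is only meaningful if the status block in step 1 shows Defender enabled with recent signatures.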

“Our team scanned 8000+ SharePoint servers worldwide. We found dozens of systems actively compromised, most likely on July 18th around 18:00 UTC and July 19th around 07:30 UTC,” wrote the cybersecurity research firm, Eye.

Given the active exploitation of this vulnerability, it’s crucial for all on-premises SharePoint administrators to apply the latest security updates and implement the recommended mitigation steps immediately.

roosho Senior Engineer (Technical Services)
I am Rakib Raihan RooSho, Jack of all IT Trades. You got it right. Good for nothing. I try a lot of things and fail more than that. That's how I learn. Whenever I succeed, I note that in my cookbook. Eventually, that became my blog. 
