Microsoft Hurries Emergency Fix for Actively Abused SharePoint Flaws (Zero-day Exploit)

In a significant cybersecurity development, two zero-day vulnerabilities have been discovered in Microsoft 365 SharePoint Server. These vulnerabilities, identified as CVE-2025-53770 and CVE-2025-53771, pose a serious threat to organizations using these systems, potentially leading to a complete compromise of targeted servers, including access to sensitive data and the ability to install malicious web shells for persistent access.

These vulnerabilities, dubbed "ToolShell" by the Cybersecurity and Infrastructure Security Agency (CISA), have been placed on the Known Exploited Vulnerabilities (KEV) list due to the potential for active exploitation.

Qualys, a leading cybersecurity company, has released QIDs for these vulnerabilities and offers comprehensive coverage and visibility into them through its Vulnerability Management Detection and Response (VMDR) service. The Qualys agent enables the immediate deployment of relevant patches for the Microsoft 365 SharePoint vulnerabilities.

To help organizations rapidly respond to, prioritize, and mitigate associated risks, Qualys VMDR provides a specific query to list all the vulnerabilities. For a more in-depth technical understanding of the Microsoft 365 SharePoint vulnerabilities, visit the Qualys Threat Protect post.

In response to these vulnerabilities, Microsoft issued an emergency out-of-band security update on July 19, 2025, to address the issues. It's essential for customers to address these vulnerabilities quickly, especially on internet-facing Microsoft 365 SharePoint deployments.

Qualys' CyberSecurity Asset Management (CSAM) 3.0 and External Attack Surface Management module can help identify at-risk Microsoft 365 SharePoint servers. For those who prefer a comprehensive risk reduction solution, Qualys' TruRisk Eliminate offers options to patch the Microsoft 365 SharePoint vulnerabilities or apply out-of-the-box mitigations until a patch can be deployed.

The researchers who developed the Microsoft 365 SharePoint Server bypasses and tested the Qualys mitigations for these vulnerabilities are not explicitly named in the available sources. However, the critical Microsoft 365 SharePoint vulnerabilities, including CVE-2025-53770, were initially disclosed during the Pwn2Own hacking contest, and security researchers such as those from Trend Micro and the CTU (Cyber Threat Unit) have analysed related exploits and attack chains.

A remediation (patch) fixes the vulnerability permanently, while a mitigation is a temporary fix until a patch can be deployed. Mitigations reduce risk by making the vulnerability non-exploitable, and a visible reduction in the Qualys Detection Score (QDS) can be seen after a mitigation is applied successfully.

The first vulnerability, CVE-2025-53770, is a critical-severity vulnerability with a CVSS score of 9.8, allowing unauthenticated attackers to execute arbitrary code on a vulnerable Microsoft 365 SharePoint server. The second vulnerability, CVE-2025-53771, is a spoofing vulnerability with a CVSS score of 6.3, arising from an improper limitation of a pathname to a restricted directory.

In conclusion, prompt action is required to address these critical vulnerabilities in Microsoft 365 SharePoint Server. Organizations are advised to utilise the tools and resources provided by Qualys and Microsoft to protect their systems and data from potential exploitation.
