According to the company, Microsoft’s SharePoint Software for servers is being targeted by malicious actors, using the risk of implementation of the remote code (RCE) for unauthorized access. Security malfunction allows actors to target on -premise servers at thousands of firms with shared point servers. Researchers say that once the attackers violated these servers, they could have permanent access, even if the server is patching. Microsoft says it has developed a security patch that can reduce active attacks, and are on the way.
Intimidating actor Microsoft gains permanent access to SharePoint servers
Researchers at the European CyberScript firm Eye Security reported July 18 to the danger affecting the SharePoint on Premise Servers. He explained that the threatening actor is at zero-day, or previously unknown, (since then the CVE-2025-53770 and the CV-2025-53770 have been identified), to gain access to the server without using brot force attacks or phishing.
Microsoft Premies is aware of active attacks targeting users, targeting users, which exploits a variety of CV-2025-49706. This weakness has been assigned CV-2025-53770.
We have outlined the discharge and discoveries in our blog. Our team is working immediately for release …
– Security Response (@MSFTSC Responsone) July 20, 2025
The new threat of zero day is a weapon version of the exploitation shown earlier this year in the PWN2own Berlin (a security competition). US CISA has warned that threatening actors can process the code on the network, and access all share points on the server, such as internal configurations or file systems.
According to researchers, these attackers can use stolen keys to work by legitimate users. As a result, they can edit the invaders and install the other code, which allows them to maintain access to the servers after the security patch is installed, or the system is resumed.
The Palo -Alto Networks Unit 42 writes on the X (formerly Twitter) that the threat intelligence team is observing the “active global exploitation” of sharePoint risks, which was being used to target organizations around the world. Additional details of the attacks were shared by Intel Ripozatri, the Gut Hub of the Unit 42.
A day later, the Microsoft Security Response Center (MSRC) issued a consultation confirmed that the security flaws were being actively exploited by actors. The company says it has issued a security patch to protect the SharePoint Subscription Edition and SharePoint 2019 servers against active attacks using this exploitation.
At the time of publishing this story, Microsoft has not yet updated security for the SharePoint 2016 servers. The company’s consulting users also urges users to apply the July 2025 security updates, set up an anti -maternal scan interface (AMSI) in the SharePoint, and deploy Microsoft Defnder or similar solutions.
