Microsoft confirms China link to SharePoint hacks | Computer Weekly
Briefly

Microsoft has confirmed that Chinese state threat actors are exploiting a newly discovered zero-day vulnerability in SharePoint Server. Named actors Linen Typhoon, Violet Typhoon, and Storm-2603 are specifically targeting internet-facing instances. The vulnerabilities, identified as CVE-2025-53770 and CVE-2025-53771, enable remote code execution and affect all supported SharePoint Server versions. Microsoft has released comprehensive security updates and mitigation guidance, urging customers to apply these updates immediately to ensure protection against these vulnerabilities and potential downstream attacks. Previous vulnerabilities CVE-2025-49704 and CVE-2025-49706 may also be exploited.
Chinese state cyber threat actors are targeting a serious zero-day vulnerability in SharePoint Server, as confirmed by Microsoft and supported by findings from Google Cloud's Mandiant.
The identified threat actors, Linen Typhoon and Violet Typhoon, are exploiting internet-facing SharePoint instances, alongside an actor known as Storm-2603.
Microsoft has issued security updates for all supported versions of SharePoint Server and encourages customers to apply them immediately to safeguard against these vulnerabilities.
The most critical vulnerability, CVE-2025-53770, allows for full remote code execution and impacts all supported versions of SharePoint Server.
Read at ComputerWeekly.com