Microsoft is experiencing severe attacks targeting its SharePoint Server due to a critical vulnerability, CVE-2025-53770, that allows for remote code execution. This bug, considered a variant of a previously disclosed flaw, has been linked to government-backed hackers aiming to exploit systems for unauthorized access. Vulnerable versions include SharePoint Enterprise Server 2016 and 2019. Despite warnings and efforts, a fix for the 2016 version remains unfixed, prompting significant concern from cybersecurity agencies in the US and UK.
The flaw, a critical, 9.8-rated remote code execution vulnerability tracked as CVE-2025-53770, is a variant of CVE-2025-49706, which Microsoft disclosed and attempted to fix in its July Patch Tuesday event.
Exploits abusing the security hole, now being called 'ToolShell' by infosec experts, allow attackers to fully take over SharePoint Servers, including file systems and internal configurations, and execute code over the network.
Collection
[
|
...
]