Critical Microsoft SharePoint Vulnerability Actively Exploited in Large-Scale Campaign

A critical vulnerability in Microsoft SharePoint Server, identified as CVE-2025-53770 with a CVSS score of 9.8, is being actively exploited in a large-scale campaign. This flaw is a variant of CVE-2025-49704, which had a CVSS score of 8.8 and involved code injection and remote code execution (RCE). The new vulnerability is being exploited to compromise enterprise servers, with over 75 servers affected to date. Microsoft SharePoint Server is a widely used platform for document management and collaboration in enterprise environments. The vulnerability allows attackers to inject malicious code and execute it remotely, potentially gaining full control over the affected systems. The high CVSS score underscores the severity of this vulnerability, which poses a significant risk to organizations using SharePoint. The fact that this vulnerability is a variant of a previously patched flaw highlights the evolving nature of cyber threats. Attackers are continually finding new ways to exploit similar vulnerabilities, emphasizing the importance of not only patching known issues but also monitoring for new variants. For cybersecurity professionals, this vulnerability underscores the critical need for immediate patching and robust security measures. Organizations should prioritize applying the latest patches from Microsoft and review their SharePoint configurations to ensure proper security measures are in place. Network segmentation and intrusion detection systems can also help mitigate the risk of exploitation. In conclusion, the active exploitation of CVE-2025-53770 in Microsoft SharePoint Server represents a significant threat to enterprise environments. Cybersecurity professionals must act swiftly to apply patches and enhance their security posture to protect against this critical vulnerability.