Microsoft SharePoint Active Exploitation - 20250721001¶
Overview¶
Microsoft have released a critical security advisory relating to a vulnerability impacting SharePoint Server. Successful exploitation could allow an unauthorized attacker to execute code over a network.
Microsoft have noted exploitation detected in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability.
What is vulnerable?¶
| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
|---|---|---|---|---|
| SharePoint Server | 2019 prior to 16.0.10417.20027 2016 prior to 16.0.5508.1000 Subscription Edition prior to 16.0.18526.20508 |
CVE-2025-53770 | 9.8 | Critical |
What has been observed?¶
Microsoft have noted exploitation detected in the wild. CISA has listed this vulnerabilty in their Known Exploited Vulnerabilties catalog. The WA SOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.
Recommendation¶
UPDATE: Patches for Sharepoint 2016 and 2019 have been released by Microsoft. Please patch as soon as possible.
The WA SOC recommends administrators apply the solutions and mitigations as per vendor instructions to all affected devices within expected timeframes (refer Patch Management):
- Microsoft CVE: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770
- Microsoft Customer Guidance: https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/