Excerpt from Times of India Article, Published on July 21, 2025
A critical Microsoft SharePoint zero-day vulnerability (CVE-2025-53770) is being actively exploited in large-scale cyberattacks targeting at least 75 servers worldwide, including major corporations and U.S. government agencies. This breach poses a severe threat to organizations dependent on the Microsoft collaboration platform.
Zero-Day Vulnerability Exploited
The flaw enables unauthenticated remote code execution by exploiting how SharePoint deserializes untrusted data. Attackers have leveraged this vulnerability to steal cryptographic keys and deploy persistent web shells, giving them full administrative control over affected servers. Because the malicious activity blends with normal server operations, detection remains challenging.
Microsoft’s Response and Mitigation
Microsoft has acknowledged the ongoing attacks and is working on a security patch. While updates have been released for SharePoint Subscription Edition and 2019, SharePoint 2016 remains unpatched. Until fixes are available, Microsoft recommends:
- Enabling Antimalware Scan Interface (AMSI) with Defender Antivirus.
- Disconnecting vulnerable servers from the internet if AMSI cannot be enabled.
- Deploying Defender for Endpoint to detect suspicious files like the stealthy spinstall0.aspx web shell.
Impact and Urgency
The SharePoint Online cloud service is unaffected, but all on-premises versions are at risk. With a CVSS score of 9.8, the vulnerability demands immediate action from organizations to apply the available patches and mitigation steps.
To delve deeper into this topic, read the article from Times of India.