Microsoft has patched three critical zero-day SharePoint security flaws that have already been exploited by hackers to attack a large number of vulnerable organizations. Responding to the exploits, the software giant initially issued fixes just for SharePoint Server Subscription Edition and SharePoint Server 2019, and then eventually rolled out a patch for SharePoint Server 2016 as well.
Designated as CVE-2025-53771 and CVE-2025-53770, the two vulnerabilities apply only to on-premises versions of SharePoint, so organizations that run the cloud-based SharePoint Online are unaffected.
Rated as important, CVE-2025-53771 is defined as a SharePoint Server spoofing vulnerability, which means that attackers are able to impersonate trusted and legitimate users or resources in a SharePoint environment. Rated as critical, CVE-2025-53770 is defined as a SharePoint Server remote code execution vulnerability. With this type of flaw, hackers can remotely run code in a SharePoint environment.
"CVE-2025-53770 gives a threat actor the ability to remotely execute code, bypassing identity protections (like single sign-on and multi-factor authentication), giving access to content on the SharePoint server including configurations and system files, opening up lateral access across the Windows domain," Trey Ford, chief information security officer at crowdsourced cybersecurity provider Bugcrowd, told ZDNET.
Together, the two flaws allow cybercriminals to install malicious programs that can compromise a SharePoint environment -- and that's exactly what's been happening.
State officials and private researchers told The Washington Post that hackers have already launched attacks against US federal and state agencies, universities, energy companies, and others. SharePoint servers have been breached within at least two US federal agencies, according to the researchers. One US state official said the attackers had "hijacked" a collection of documents designed to help people understand how their government works, the Post added.
Alarmingly, even the US National Nuclear Security Administration was breached as a result of the SharePoint vulnerability.
"The recent breach of multiple governments' systems, including the US National Nuclear Security Administration, stemming from a Microsoft vulnerability, is yet another urgent reminder of the stakes we're facing," Bob Huber, chief security officer for cybersecurity firm Tenable, said in a comment shared with ZDNET. "This isn't just about a single flaw, but how sophisticated actors exploit these openings for long-term gain."