Microsoft Deploys Emergency Patches for Critical SharePoint Vulnerabilities

Date Published:

The software giant has released urgent security patches to address multiple zero-day vulnerabilities impacting its on-premises SharePoint Server. These flaws enable sophisticated spoofing attacks capable of stealing sensitive data and credentials, affecting organizations worldwide, including governments and educational institutions.

“Microsoft is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update,” the company posted in a Sunday blog announcement.

The patches, designed for the “SharePoint Server Subscription Edition,” “SharePoint Server 2019,” and “SharePoint Server 2016” in a cumulative manner, do not impact the cloud-based SharePoint 365 service.

Security analysts at Eye Security from the Netherlands first disclosed the vulnerabilities (CVE-2025-53770 and CVE-2025-53771) in a Saturday blog post. They termed the issues a “large-scale exploitation of a new SharePoint remote code execution,” indicating waves of attacks compromised scores of systems by Saturday.

CISA identified the ToolShell chain utilized in the attacks. It allows threat actors to access SharePoint content, including file systems and internal configurations, and execute code remotely.

Further Reading: Microsoft Warns of New Trojan Targeting Crypto Wallets