SharePoint vulnerability with 9.8 severity rating under exploit across globe
A high-severity vulnerability in Microsoft SharePoint Server, with a 9.8 severity rating, is being actively exploited globally, allowing attackers to access sensitive company data and authentication tokens. The vulnerability, CVE-2025-53770, provides unauthenticated remote access to exposed SharePoint Servers. Microsoft confirmed the attacks and released an emergency update to patch the vulnerability in SharePoint Subscription Edition and SharePoint 2019, urging immediate application of the updates. SharePoint 2016 remains unpatched, with Microsoft recommending organizations to install the Antimalware Scan Interface for protection. Cloud-hosted SharePoint Online and Microsoft 365 are not affected by this exploit.
Ars Technica•