A critical zero-day vulnerability has been discovered in on-premises SharePoint servers and is being exploited by attackers to breach systems worldwide. The flaw, identified as CVE-2025-53770, has led to active compromises, including data theft and remote code execution. Organizations running SharePoint on-premises need to act quickly to patch their systems and prevent further damage. Below, we answer key questions about this vulnerability, how it affects security, and what steps to take next.
What is the SharePoint zero-day vulnerability?
The SharePoint zero-day vulnerability, CVE-2025-53770, is a severe security flaw in on-premises SharePoint servers. It allows attackers to execute code remotely by exploiting a deserialization flaw, giving them control over affected systems. This vulnerability has been actively exploited since mid-July, leading to widespread breaches.
How does this vulnerability affect organizations?
Organizations using on-premises SharePoint servers are at risk of unauthorized access, data theft, and system compromise. Attackers can extract the server's cryptographic keys and take remote control, which can lead to sensitive data leaks and operational disruption. Government agencies and private companies alike are being targeted.
What does Microsoft’s patch fix and how urgent is it?
Microsoft released an urgent patch for CVE-2025-53770. The update addresses the deserialization flaw and blocks the remote code execution it enabled. Given the active exploitation, applying this patch immediately is critical to protect your systems from ongoing attacks.
Are cloud-based SharePoint services affected?
No, this vulnerability affects only on-premises SharePoint servers. Cloud-based SharePoint Online remains unaffected, as the flaw is specific to the on-premises software. Organizations should focus on patching their local servers to mitigate risk.
What steps should organizations take now?
Organizations should prioritize applying the latest Microsoft security updates immediately. In addition, disconnect any compromised servers from the network, review cryptographic key management, and monitor systems for unusual activity. Security agencies recommend proactive patching to prevent further breaches.
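The steps above, as an added PowerShell example that is not code from the article, Microsoft, or any security agency: a farm-administrator checklist run from the SharePoint Management Shell on one server of the farm. It reports the farm build for comparison with the advisory (the patched build number is not given here, so `$PatchedBuild` is a placeholder you supply), rotates the ASP.NET machine keys for every web application (keys copied out of a server before it was patched stay usable until they are rotated, which is why the key-management step matters even after the update is installed), and then reviews two sources of unusual activity: recently written `.aspx` pages under the SharePoint LAYOUTS hive and POST requests to `/_layouts/` pages in the IIS logs. Assumed in the script: the `Update-SPMachineKey` cmdlet (the script checks for it and falls back to a warning if it is absent on your version), the hive-16 LAYOUTS path used by SharePoint 2016 and later, and the default IIS log location.

```powershell
# Added example, not the article's or Microsoft's code.
# Run in the SharePoint Management Shell as a farm administrator.
param(
    # Placeholder: supply the fixed build number from Microsoft's advisory, e.g. -PatchedBuild '16.0.x.y'
    [version]$PatchedBuild = $null,
    # Look-back window for the file and log review
    [datetime]$SuspectSince = (Get-Date).AddDays(-30)
)

if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

# 1. Patch status: compare the farm build with the fixed build from the advisory.
$farmBuild = (Get-SPFarm).BuildVersion
Write-Host "Farm build: $farmBuild"
if ($PatchedBuild) {
    if ($farmBuild -lt $PatchedBuild) {
        Write-Warning "Farm build is below $PatchedBuild - apply the security update before anything else."
    } else {
        Write-Host "Farm build is at or above the patched build."
    }
} else {
    Write-Host "No -PatchedBuild supplied; compare the build above with Microsoft's advisory manually."
}

# 2. Key management: rotate the ASP.NET machine keys of every web application.
#    Keys taken from the server before patching remain valid until rotated.
#    Update-SPMachineKey availability depends on the SharePoint version (assumption:
#    present on supported versions); the guard skips the step where it is missing.
if (Get-Command Update-SPMachineKey -ErrorAction SilentlyContinue) {
    foreach ($wa in Get-SPWebApplication) {
        Write-Host "Rotating machine key for $($wa.Url)"
        Update-SPMachineKey -WebApplication $wa
    }
    # The new keys are picked up when IIS reloads; repeat iisreset on every server in the farm.
    iisreset
} else {
    Write-Warning "Update-SPMachineKey not found; rotate the machine keys from Central Administration instead."
}

# 3. Unusual activity: .aspx pages in the LAYOUTS hive written inside the look-back window.
#    Shipped pages carry the install/patch timestamp, so a stray recent page deserves a look.
$layouts = Join-Path $env:CommonProgramFiles 'microsoft shared\Web Server Extensions\16\TEMPLATE\LAYOUTS'
Write-Host "Recently written .aspx files under $layouts"
Get-ChildItem -Path $layouts -Filter *.aspx -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $SuspectSince } |
    Select-Object FullName, LastWriteTime, Length |
    Format-Table -AutoSize

# 4. Unusual activity: POST requests to /_layouts/ pages in the IIS W3C logs, grouped by
#    client IP and page, so a single source hammering an administrative page stands out.
#    The field order is read from each file's "#Fields:" header rather than assumed.
$iisLogRoot = 'C:\inetpub\logs\LogFiles'   # default IIS log location (assumption)
$hits = Get-ChildItem -Path $iisLogRoot -Filter *.log -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $SuspectSince } |
    ForEach-Object {
        $fields = $null
        Get-Content -Path $_.FullName | ForEach-Object {
            if ($_ -like '#Fields:*') {
                $fields = ($_ -replace '^#Fields:\s*', '') -split ' '
                return
            }
            if ($_ -like '#*' -or -not $fields) { return }
            $f = $_ -split ' '
            $iMethod = [array]::IndexOf($fields, 'cs-method')
            $iStem   = [array]::IndexOf($fields, 'cs-uri-stem')
            $iClient = [array]::IndexOf($fields, 'c-ip')
            if ($iMethod -lt 0 -or $iStem -lt 0 -or $iClient -lt 0 -or $f.Length -le $iClient) { return }
            if ($f[$iMethod] -eq 'POST' -and $f[$iStem] -match '/_layouts/') {
                [pscustomobject]@{ ClientIP = $f[$iClient]; Page = $f[$iStem] }
            }
        }
    }
Write-Host "POST requests to /_layouts/ pages since $SuspectSince (top 20 by count)"
$hits | Group-Object ClientIP, Page | Sort-Object Count -Descending |
    Select-Object Count, Name -First 20 | Format-Table -AutoSize
```

The file and log reviews only surface candidates for investigation; a recently written page or a busy client address is a lead, not proof of compromise, and a server you do conclude was compromised should be isolated rather than cleaned in place, as the article advises.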
Are government agencies at higher risk?
Yes, government agencies are among the most targeted because of the sensitive nature of their data. Active exploitation of this vulnerability has already affected several government systems worldwide, making urgent patching and additional security measures essential for these organizations.