Critical SharePoint Vulnerability Exploited: Over 400 Servers Compromised
Cybersecurity experts have raised alarm over a critical vulnerability in on-premise Microsoft SharePoint servers. Hackers are actively exploiting this flaw, tracked as CVE-2025-53770, which allows remote code execution. The Australian Cyber Security Centre (ACSC) and the FBI have issued warnings after over 400 servers were compromised, including those belonging to US federal agencies and critical infrastructure organisations.
The vulnerability, discovered in July 2025, has led to operational disruptions for many affected organisations. More than 50 breaches have been reported worldwide, including attacks on an energy company and European government offices. Microsoft has confirmed real-world attacks using this method and is working swiftly to address the issue.
Microsoft has already released security updates for SharePoint Subscription Edition and is working on fixes for the 2016 and 2019 versions. However, it's important to note that Microsoft 365's SharePoint Online is not affected by this vulnerability. The tech giant is continuing to investigate the matter and will share more details as they become available.
Organisations using on-premise SharePoint servers are urged to apply the necessary security updates as soon as possible to protect against potential attacks. The recent incidents serve as a reminder of the importance of keeping systems up-to-date and implementing robust cybersecurity measures. Microsoft is committed to addressing the issue and ensuring the safety of its users.
