{"id":78770,"date":"2025-07-23T13:35:32","date_gmt":"2025-07-23T10:35:32","guid":{"rendered":"https:\/\/gulftech-news.com\/en\/?p=78770"},"modified":"2025-07-23T13:35:33","modified_gmt":"2025-07-23T10:35:33","slug":"active-exploitation-of-microsoft-sharepoint-vulnerabilities-threat-brief","status":"publish","type":"post","link":"https:\/\/gulftech-news.com\/en\/2025\/07\/23\/active-exploitation-of-microsoft-sharepoint-vulnerabilities-threat-brief\/","title":{"rendered":"Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief"},"content":{"rendered":"\n<p>Palo Alto Networks\u2019 Unit 42 is tracking high-impact, ongoing threat activity targeting on-premises Microsoft SharePoint servers. While cloud environments remain unaffected, on-premises SharePoint deployments \u2014 particularly within government, schools, healthcare (including hospitals) and large enterprise companies \u2014 are at immediate risk.<\/p>\n\n\n\n<p><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-49704\" rel=\"noreferrer noopener\" target=\"_blank\"><strong>CVE-2025-49704,<\/strong><\/a>&nbsp;<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-49706\" rel=\"noreferrer noopener\" target=\"_blank\"><strong>CVE-2025-49706<\/strong><\/a>,&nbsp;<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-53770\" rel=\"noreferrer noopener\" target=\"_blank\"><strong>CVE-2025-53770<\/strong><\/a>&nbsp;and&nbsp;<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-53771\" rel=\"noreferrer noopener\" target=\"_blank\"><strong>CVE-2025-53771<\/strong><\/a>&nbsp;are a set of vulnerabilities that impact Microsoft SharePoint.&nbsp;CVE-2025-49704 and CVE-2025-49706, or CVE-2025-53770 and CVE-2025-53771 may be&nbsp;chained together, which can allow unauthenticated threat actors to access functionality that is normally restricted, to run arbitrary commands on vulnerable instances of Microsoft SharePoint.<\/p>\n\n\n\n<p>In addition to the CVE reports, Microsoft has released&nbsp;<a href=\"https:\/\/msrc.microsoft.com\/blog\/2025\/07\/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770\/\" rel=\"noreferrer noopener\" target=\"_blank\"><strong>further guidance<\/strong><\/a>&nbsp;on these vulnerabilities. The vulnerabilities, their CVSS scores and their descriptions are detailed in Table 1.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>CVE Number<\/strong><\/td><td><strong>Description<\/strong><\/td><td><strong>CVSS Score<\/strong><\/td><\/tr><tr><td><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-49704\" rel=\"noreferrer noopener\" target=\"_blank\">CVE-2025-49704<\/a><\/td><td>Improper control of generation of code (code injection) in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.<\/td><td>8.8<\/td><\/tr><tr><td><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-49706\" rel=\"noreferrer noopener\" target=\"_blank\">CVE-2025-49706<\/a><\/td><td>Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.<\/td><td>6.5<\/td><\/tr><tr><td><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-53770\" rel=\"noreferrer noopener\" target=\"_blank\">CVE-2025-53770<\/a><\/td><td>Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network.<\/td><td>9.8<\/td><\/tr><tr><td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-53771\" rel=\"noreferrer noopener\" target=\"_blank\">CVE-2025-53771<\/a><\/td><td>Improper limitation of a pathname to a restricted directory (path traversal) in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.<\/td><td>6.5<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Table 1. List of recent vulnerabilities affecting Microsoft SharePoint.<\/p>\n\n\n\n<p>These vulnerabilities all apply to Microsoft SharePoint Enterprise Server 2016 and 2019. CVE-2025-49706 and CVE-2025-53770 also apply to Microsoft SharePoint Server Subscription Edition. Microsoft has stated that SharePoint Online in Microsoft 365 is not impacted.<\/p>\n\n\n\n<p>We are currently working closely with the Microsoft Security Response Center (MSRC) to ensure that our customers have the latest information and we are actively notifying affected customers and other organizations. This situation is evolving rapidly, so it\u2019s advisable to check Microsoft\u2019s recommendations frequently.<\/p>\n\n\n\n<p>We have observed active exploitation of these SharePoint vulnerabilities. Attackers are bypassing identity controls, including multi-factor authentication (MFA) and single sign-on (SSO), to gain privileged access. Once inside, they\u2019re exfiltrating sensitive data, deploying persistent backdoors and stealing cryptographic keys.<\/p>\n\n\n\n<p>The attackers have leveraged these vulnerabilities to get into systems and in some cases are already establishing their foothold. If you have SharePoint on-premises exposed to the internet, you should assume that you have been compromised. Patching alone is insufficient to fully evict the threat.<\/p>\n\n\n\n<p>We are urging organizations who are running vulnerable on-premises SharePoint to take the following actions immediately:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Apply all relevant patches now and as they become available<\/li>\n\n\n\n<li>Rotate all cryptographic material<\/li>\n\n\n\n<li>Engage professional incident response<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Palo Alto Networks\u2019 Unit 42 is tracking high-impact, ongoing threat activity targeting on-premises Microsoft SharePoint servers. While cloud environments remain unaffected, on-premises SharePoint deployments \u2014 particularly within government, schools, healthcare (including hospitals) and large enterprise companies \u2014 are at immediate risk. CVE-2025-49704,&nbsp;CVE-2025-49706,&nbsp;CVE-2025-53770&nbsp;and&nbsp;CVE-2025-53771&nbsp;are a set of vulnerabilities that impact Microsoft SharePoint.&nbsp;CVE-2025-49704 and CVE-2025-49706, or CVE-2025-53770 and &hellip;<\/p>\n","protected":false},"author":2,"featured_media":78771,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[644],"tags":[1104,3280],"class_list":["post-78770","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-communications-technology","tag-microsoft-2","tag-palo-alto-networks-2"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief - Gulf Tech News<\/title>\n<meta name=\"description\" content=\"Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/gulftech-news.com\/en\/2025\/07\/23\/active-exploitation-of-microsoft-sharepoint-vulnerabilities-threat-brief\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief - Gulf Tech News\" \/>\n<meta property=\"og:description\" content=\"Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief\" \/>\n<meta property=\"og:url\" content=\"https:\/\/gulftech-news.com\/en\/2025\/07\/23\/active-exploitation-of-microsoft-sharepoint-vulnerabilities-threat-brief\/\" \/>\n<meta property=\"og:site_name\" content=\"Gulf Tech News\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-23T10:35:32+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-23T10:35:33+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/gulftech-news.com\/en\/wp-content\/uploads\/2025\/07\/unnamed-2-3.jpg?v=1753266912\" \/>\n\t<meta property=\"og:image:width\" content=\"1270\" \/>\n\t<meta property=\"og:image:height\" content=\"783\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"bessan helmi\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"bessan helmi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/gulftech-news.com\/en\/2025\/07\/23\/active-exploitation-of-microsoft-sharepoint-vulnerabilities-threat-brief\/\",\"url\":\"https:\/\/gulftech-news.com\/en\/2025\/07\/23\/active-exploitation-of-microsoft-sharepoint-vulnerabilities-threat-brief\/\",\"name\":\"Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief - Gulf Tech News\",\"isPartOf\":{\"@id\":\"https:\/\/gulftech-news.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/gulftech-news.com\/en\/2025\/07\/23\/active-exploitation-of-microsoft-sharepoint-vulnerabilities-threat-brief\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/gulftech-news.com\/en\/2025\/07\/23\/active-exploitation-of-microsoft-sharepoint-vulnerabilities-threat-brief\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/gulftech-news.com\/en\/wp-content\/uploads\/2025\/07\/unnamed-2-3.jpg?v=1753266912\",\"datePublished\":\"2025-07-23T10:35:32+00:00\",\"dateModified\":\"2025-07-23T10:35:33+00:00\",\"author\":{\"@id\":\"https:\/\/gulftech-news.com\/en\/#\/schema\/person\/c033626e357b2f7e127eac0570ddc05c\"},\"description\":\"Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief\",\"breadcrumb\":{\"@id\":\"https:\/\/gulftech-news.com\/en\/2025\/07\/23\/active-exploitation-of-microsoft-sharepoint-vulnerabilities-threat-brief\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/gulftech-news.com\/en\/2025\/07\/23\/active-exploitation-of-microsoft-sharepoint-vulnerabilities-threat-brief\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/gulftech-news.com\/en\/2025\/07\/23\/active-exploitation-of-microsoft-sharepoint-vulnerabilities-threat-brief\/#primaryimage\",\"url\":\"https:\/\/gulftech-news.com\/en\/wp-content\/uploads\/2025\/07\/unnamed-2-3.jpg?v=1753266912\",\"contentUrl\":\"https:\/\/gulftech-news.com\/en\/wp-content\/uploads\/2025\/07\/unnamed-2-3.jpg?v=1753266912\",\"width\":1270,\"height\":783,\"caption\":\"Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/gulftech-news.com\/en\/2025\/07\/23\/active-exploitation-of-microsoft-sharepoint-vulnerabilities-threat-brief\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/gulftech-news.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/gulftech-news.com\/en\/#website\",\"url\":\"https:\/\/gulftech-news.com\/en\/\",\"name\":\"Gulf Tech News\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/gulftech-news.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/gulftech-news.com\/en\/#\/schema\/person\/c033626e357b2f7e127eac0570ddc05c\",\"name\":\"bessan helmi\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/gulftech-news.com\/en\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/bb1e09a6f094e0fa605073926f8ad9eb228a8b0aacd381fda782c562612428cf?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/bb1e09a6f094e0fa605073926f8ad9eb228a8b0aacd381fda782c562612428cf?s=96&d=mm&r=g\",\"caption\":\"bessan helmi\"},\"url\":\"https:\/\/gulftech-news.com\/en\/author\/bessan-helmi\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief - Gulf Tech News","description":"Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/gulftech-news.com\/en\/2025\/07\/23\/active-exploitation-of-microsoft-sharepoint-vulnerabilities-threat-brief\/","og_locale":"en_US","og_type":"article","og_title":"Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief - Gulf Tech News","og_description":"Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief","og_url":"https:\/\/gulftech-news.com\/en\/2025\/07\/23\/active-exploitation-of-microsoft-sharepoint-vulnerabilities-threat-brief\/","og_site_name":"Gulf Tech News","article_published_time":"2025-07-23T10:35:32+00:00","article_modified_time":"2025-07-23T10:35:33+00:00","og_image":[{"width":1270,"height":783,"url":"https:\/\/gulftech-news.com\/en\/wp-content\/uploads\/2025\/07\/unnamed-2-3.jpg?v=1753266912","type":"image\/jpeg"}],"author":"bessan helmi","twitter_card":"summary_large_image","twitter_misc":{"Written by":"bessan helmi","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/gulftech-news.com\/en\/2025\/07\/23\/active-exploitation-of-microsoft-sharepoint-vulnerabilities-threat-brief\/","url":"https:\/\/gulftech-news.com\/en\/2025\/07\/23\/active-exploitation-of-microsoft-sharepoint-vulnerabilities-threat-brief\/","name":"Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief - Gulf Tech News","isPartOf":{"@id":"https:\/\/gulftech-news.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/gulftech-news.com\/en\/2025\/07\/23\/active-exploitation-of-microsoft-sharepoint-vulnerabilities-threat-brief\/#primaryimage"},"image":{"@id":"https:\/\/gulftech-news.com\/en\/2025\/07\/23\/active-exploitation-of-microsoft-sharepoint-vulnerabilities-threat-brief\/#primaryimage"},"thumbnailUrl":"https:\/\/gulftech-news.com\/en\/wp-content\/uploads\/2025\/07\/unnamed-2-3.jpg?v=1753266912","datePublished":"2025-07-23T10:35:32+00:00","dateModified":"2025-07-23T10:35:33+00:00","author":{"@id":"https:\/\/gulftech-news.com\/en\/#\/schema\/person\/c033626e357b2f7e127eac0570ddc05c"},"description":"Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief","breadcrumb":{"@id":"https:\/\/gulftech-news.com\/en\/2025\/07\/23\/active-exploitation-of-microsoft-sharepoint-vulnerabilities-threat-brief\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/gulftech-news.com\/en\/2025\/07\/23\/active-exploitation-of-microsoft-sharepoint-vulnerabilities-threat-brief\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/gulftech-news.com\/en\/2025\/07\/23\/active-exploitation-of-microsoft-sharepoint-vulnerabilities-threat-brief\/#primaryimage","url":"https:\/\/gulftech-news.com\/en\/wp-content\/uploads\/2025\/07\/unnamed-2-3.jpg?v=1753266912","contentUrl":"https:\/\/gulftech-news.com\/en\/wp-content\/uploads\/2025\/07\/unnamed-2-3.jpg?v=1753266912","width":1270,"height":783,"caption":"Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief"},{"@type":"BreadcrumbList","@id":"https:\/\/gulftech-news.com\/en\/2025\/07\/23\/active-exploitation-of-microsoft-sharepoint-vulnerabilities-threat-brief\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/gulftech-news.com\/en\/"},{"@type":"ListItem","position":2,"name":"Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief"}]},{"@type":"WebSite","@id":"https:\/\/gulftech-news.com\/en\/#website","url":"https:\/\/gulftech-news.com\/en\/","name":"Gulf Tech News","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/gulftech-news.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/gulftech-news.com\/en\/#\/schema\/person\/c033626e357b2f7e127eac0570ddc05c","name":"bessan helmi","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/gulftech-news.com\/en\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/bb1e09a6f094e0fa605073926f8ad9eb228a8b0aacd381fda782c562612428cf?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/bb1e09a6f094e0fa605073926f8ad9eb228a8b0aacd381fda782c562612428cf?s=96&d=mm&r=g","caption":"bessan helmi"},"url":"https:\/\/gulftech-news.com\/en\/author\/bessan-helmi\/"}]}},"_links":{"self":[{"href":"https:\/\/gulftech-news.com\/en\/wp-json\/wp\/v2\/posts\/78770","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gulftech-news.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gulftech-news.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gulftech-news.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/gulftech-news.com\/en\/wp-json\/wp\/v2\/comments?post=78770"}],"version-history":[{"count":1,"href":"https:\/\/gulftech-news.com\/en\/wp-json\/wp\/v2\/posts\/78770\/revisions"}],"predecessor-version":[{"id":78772,"href":"https:\/\/gulftech-news.com\/en\/wp-json\/wp\/v2\/posts\/78770\/revisions\/78772"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gulftech-news.com\/en\/wp-json\/wp\/v2\/media\/78771"}],"wp:attachment":[{"href":"https:\/\/gulftech-news.com\/en\/wp-json\/wp\/v2\/media?parent=78770"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gulftech-news.com\/en\/wp-json\/wp\/v2\/categories?post=78770"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gulftech-news.com\/en\/wp-json\/wp\/v2\/tags?post=78770"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}