Particle.news

Download on the App Store

Zero-Day SharePoint Exploit Persists as Microsoft Issues Partial Patches

Vulnerable on-premises SharePoint servers remain exposed pending completion of fixes for two editions.

Un hacker trabajando
Image

Overview

  • CVE-2025-53770 has been exploited since mid-July to breach at least 85 on-premises SharePoint servers, including U.S. state and federal systems
  • Microsoft released security updates for SharePoint 2019 and Subscription Edition on July 20 but the on-premises 2016 version still lacks a patch
  • U.S. Cybersecurity and Infrastructure Security Agency has directed organizations to disconnect affected servers from the internet until definitive fixes are available
  • Cybersecurity firms warn that attackers have installed backdoors enabling persistent access, posing ongoing data theft risks even on patched systems
  • Critics note that similar legacy vulnerabilities fueled a China-backed breach of U.S. administration emails in 2023, highlighting systemic infrastructure risks