Overview

• CVE-2025-53770 has been exploited since mid-July to breach at least 85 on-premises SharePoint servers, including U.S. state and federal systems
• Microsoft released security updates for SharePoint 2019 and Subscription Edition on July 20 but the on-premises 2016 version still lacks a patch
• U.S. Cybersecurity and Infrastructure Security Agency has directed organizations to disconnect affected servers from the internet until definitive fixes are available
• Cybersecurity firms warn that attackers have installed backdoors enabling persistent access, posing ongoing data theft risks even on patched systems
• Critics note that similar legacy vulnerabilities fueled a China-backed breach of U.S. administration emails in 2023, highlighting systemic infrastructure risks