Microsoft SharePoint Vulnerability Sparks Active Exploits
A newly uncovered zero-day vulnerability in Microsoft SharePoint is under active exploitation, with serious implications for organizations running on-premises versions of the platform. U.S. federal agencies, energy companies, universities, and other businesses have been affected, signaling a widespread campaign that could impact thousands of small and mid-sized businesses.
The flaw, officially tracked as CVE-2025-53771, impacts self-hosted versions of SharePoint Server, including releases as old as SharePoint Server 2016. It allows threat actors to steal private digital keys from vulnerable servers without needing login credentials. Once inside, attackers can deploy malware, impersonate legitimate services, and access critical internal data.
Because SharePoint often integrates with Outlook, Teams, and OneDrive, compromised servers could offer attackers a gateway to an organization’s broader Microsoft ecosystem. This zero-day is particularly severe because no patch is available yet: Microsoft is still working to release fixes, leaving systems exposed in the meantime.
Cybersecurity experts, including CISA and researchers at Eye Security, urge organizations to take immediate action. If your SharePoint environment is public-facing, experts advise assuming it may already be compromised. Short-term defensive measures include:
- Disconnecting servers from the internet
- Rotating digital keys that may have been stolen
- Monitoring for suspicious activity across connected applications
If your organization relies on Microsoft SharePoint for document management, collaboration, or ERP integration, now is the time to act decisively. 2WTech’s cybersecurity experts can assess your SharePoint infrastructure, detect signs of compromise, and implement mitigation strategies to protect your digital assets. We also offer guidance on migrating to Microsoft 365 cloud environments, where vulnerabilities are managed more proactively and patching is centralized.