Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief
Essential information
- Published: 23/07/2025 23:31
- Modified: 24/07/2025 09:34
- Tags: 2025-07-23 CVE-2025-49704 CVE-2025-49706 CVE-2025-53770 CVE-2025-53771 exploitation on-premises sharepoint unauthenticated access vulnerability web shell
- Related entities: 11 techniques (mitre), 3 others
Description
Several critical vulnerabilities in Microsoft SharePoint are being actively exploited, targeting on-premises servers in government, education, healthcare, and large enterprises. The vulnerabilities allow unauthenticated attackers to bypass security controls and gain privileged access, leading to data exfiltration and backdoor deployment. Immediate actions recommended include patching, disconnecting vulnerable servers, rotating cryptographic material, and engaging professional incident response. Multiple variations of exploitation have been observed, involving command execution and web shell creation. Palo Alto Networks products offer various protections against these threats, including detection and blocking capabilities.