
Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief

· Published 23/07/2025 23:31 · Modified 24/07/2025 09:34

Essential information

Tags
2025-07-23 CVE-2025-49704 CVE-2025-49706 CVE-2025-53770 CVE-2025-53771 exploitation on-premises sharepoint unauthenticated access vulnerability web shell
Related entities
11 techniques (mitre), 3 others

Description

Several critical vulnerabilities in Microsoft are being actively exploited, targeting servers in government, education, healthcare, and large enterprises. The vulnerabilities allow unauthenticated attackers to bypass security controls and gain privileged access, leading to data exfiltration and backdoor deployment. Immediate actions recommended include patching, disconnecting vulnerable servers, rotating cryptographic material, and engaging professional incident response. Multiple variations of have been observed, involving command execution and creation. Palo Alto Networks products offer various protections against these threats, including detection and blocking capabilities.

External references