216.73.217.22

Active Exploitation of Microsoft SharePoint Vulnerabilities

· Published 22/07/2025 08:31 · Modified 22/07/2025 09:29

Export JSON

Essential information

Published
22/07/2025 08:31
Modified
22/07/2025 09:29
Tags
2025-07-22 CVE-2025-49704 CVE-2025-49706 CVE-2025-53770 CVE-2025-53771 cve education exploitation government healthcare microsoft sharepoint on-premises vulnerability
Related entities
13 vulnerabilities (cve), 24 observables, 13 techniques (mitre), 3 others

Description

Unit 42 is tracking ongoing threat activity targeting servers, particularly within , schools, , and large enterprises. Multiple vulnerabilities (, , , ) allow unauthenticated attackers to access restricted functionality and execute arbitrary commands. Active has been observed, with attackers bypassing identity controls, exfiltrating data, deploying backdoors, and stealing cryptographic keys. Affected organizations are urged to immediately disconnect vulnerable servers, apply patches, rotate cryptographic material, and engage professional incident response. The vulnerabilities impact SharePoint Enterprise Server 2016 and 2019, with some also affecting SharePoint Server Subscription Edition. Cloud-based SharePoint is not affected.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Vulnerabilities (CVE) (13)

CVE-2025-53771
6.5 Medium

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing …

Attack vector
NETWORK
Published
21/07/2025
Modified
21/12/2025
Received
CVE-2025-53770 KEV
9.8 Critical

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware …

Attack vector
Network
Published
20/07/2025
Modified
21/12/2025
Analyzed
CVE-2025-49706 KEV
6.5 Medium

Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow …

Attack vector
Network
Published
22/07/2025
Modified
21/12/2025
CVE-2025-49704 KEV
8.8 High

Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could …

Attack vector
Network
Published
22/07/2025
Modified
21/12/2025
CVE-2025-31324 KEV
10.0 Critical

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries …

Attack vector
Network
Published
29/04/2025
Modified
21/12/2025
Received
CVE-2024-53870
3.3 Low

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by …

Attack vector
LOCAL
Published
25/02/2025
Modified
21/12/2025
Awaiting Analysis
CVE-2025-0283
7.0 High

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA …

Attack vector
LOCAL
Published
09/01/2025
Modified
21/12/2025
Analyzed
CVE-2025-0282 KEV
9.0 Critical

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA …

Attack vector
Network
Published
08/01/2025
Modified
21/12/2025
Analyzed
CVE-2024-8299
7.8 High

Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi …

Attack vector
LOCAL
Complexity
Low
Published
29/11/2024
Modified
08/04/2026
CVE-2024-0012 KEV
9.8 Critical

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to …

Attack vector
Network
Published
18/11/2024
Modified
21/12/2025
Undergoing Analysis
CVE-2024-9474 KEV
7.2 High

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to …

Attack vector
Network
Published
18/11/2024
Modified
21/12/2025
Undergoing Analysis
CVE-2024-7587
7.8 High

Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric …

Attack vector
Local
Published
23/10/2024
Modified
09/01/2026
Analyzed
CVE-2024-1182
7.0 High

Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi …

Attack vector
LOCAL
Complexity
High
Published
04/07/2024
Modified
08/04/2026

Observables (24)

  • 92.222.167.88
  • 91.236.230.76
  • 91.132.95.60
  • 86.48.9.38
  • 45.86.231.241
  • 51.161.152.26
  • 212.125.27.102
  • 185.197.248.131
  • 149.28.124.70
  • 145.239.97.206
  • 139.144.199.41
  • 95.179.158.42
  • 154.223.19.106
  • 96.9.125.147
  • 104.238.159.149
  • [email protected]
  • 33067028e35982c7b9fdcfe25eb4029463542451fdff454007832cf953feaf1e
  • fa3a74a6c015c801f5341c02be2cbdfb301c6ed60633d49fc0bc723617741af7
  • b39c14becb62aeb55df7fd55c814afbb0d659687d947d917512fe67973100b70
  • 7baf220eb89f2a216fcb2d0e9aa021b2a10324f0641caf8b7a9088e4e45bec95
  • 66af332ce5f93ce21d2fe408dffd49d4ae31e364d6802fff97d95ed593ff3082
  • 4a02a72aedc3356d8cb38f01f0e0b9f26ddc5ccb7c0f04a561337cf24aa84030
  • 390665bdd93a656f48c463bb6c11a4d45b7d5444bdd1d1f7a5879b0f6f9aac7e
  • 92bb4ddb98eeaf11fc15bb32e71d0a63256a0ed826a03ba293ce3a8bf057a514

Techniques (MITRE) (13)

Others (3)

  • Healthcare
  • Education
  • Government

External references