Summary:
1. Microsoft has released updates to patch a critical zero-day flaw in Microsoft SharePoint Server that attackers have been exploiting in attacks against US federal and state agencies and global organizations.
2. The attack chain involves exploiting the critical flaw, CVE-2025-53770, and a path traversal vulnerability, CVE-2025-53771, allowing unauthorized attackers to execute code over a network.
3. To learn more about this critical flaw and its implications, readers can continue reading the article on Dark Reading, a DCN partner site.
Rewritten Article:
Microsoft Releases Critical Updates to Patch Zero-Day Flaw in SharePoint Server
Microsoft has taken swift action to address a critical zero-day vulnerability in its SharePoint Server, which cyber attackers have been leveraging in a series of targeted attacks against government agencies and global organizations.
The zero-day flaw, tracked as CVE-2025-53770 with a CVSS score of 9.8, is a deserialization of untrusted data vulnerability in on-premises Microsoft SharePoint Server. Attackers are also exploiting a path traversal vulnerability, tracked as CVE-2025-53771. Chained together, the two vulnerabilities let unauthorized threat actors execute malicious code remotely.
Microsoft’s prompt release of updates underscores the severity of the situation and the company’s commitment to addressing security threats efficiently. Organizations using Microsoft SharePoint Server are urged to apply these patches immediately to protect their systems from potential attacks.