Since July 18, 2025, SharePoint servers worldwide have been under attack due to vulnerabilities that were patched as of July 14, 2025: CVE-2025-49704 and CVE-2025-49706. However, an additional zero-day vulnerability (CVE-2025-53770), rated CVSS 3.1 at 9.8 severity, has been discovered and exploited without a patch. Over 85 organizations have reported infections from this critical flaw, which is a variant of CVE-2025-49706. Microsoft has since released an emergency patch for certain SharePoint server versions to address this urgent security issue. Detailed insights on the impact and mitigation strategies can be found in the latest update.
As of July 18th, over 85 organizations have reported infections due to a newly discovered zero-day vulnerability in SharePoint servers. Security experts recommend immediate action to secure systems against these critical threats. According to recent cybersecurity reports, enterprises are increasingly focusing on proactive security measures and rapid response strategies to mitigate the risks posed by such vulnerabilities.
Third-party Insights: Immediate Action Required Against Zero-Day Threats
Similar questions
What are CVE-2025-49704 and CVE-2025-49706?
When did the attacks on SharePoint servers begin?
How many organizations have been affected by this new vulnerability?
What is the CVSS score of the zero-day vulnerability (CVE-2025-53770)?
Is there a patch available for CVE-2025-53770?
Which version(s) of SharePoint are affected by this vulnerability?
How can I check if my organization’s SharePoint server is infected?
What steps should organizations take to mitigate the impact of these vulnerabilities?
Where can I find more detailed information about the attacks and mitigation strategies?
Is there any way to prevent future zero-day attacks on our SharePoint servers?