The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has posted an alert saying it is aware of “active exploitation” of a new vulnerability in Microsoft SharePoint “enabling unauthorized access to on-premise SharePoint servers.”
The exploitation activity “provides unauthenticated access to systems and enables malicious actors to fully access SharePoint content, including file systems and internal configurations, and execute code over the network,” the post stated.
“The FBI is aware of the matter, and we are working closely with our federal government and private sector partners,” the bureau said in a statement.
According to a Microsoft customer guidance blog post issued Saturday, “Microsoft is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update.”
“These vulnerabilities apply to on-premises SharePoint Servers only,” the post added, and “SharePoint Online in Microsoft 365 is not impacted.”
A company spokesperson said the company has been “coordinating closely with CISA, DOD Cyber Defense Command, and key cybersecurity partners around the world throughout our response.”
“While the scope and impact continue to be assessed,” CISA Acting Executive Assistant Director for Cybersecurity Chris Butera said in a statement, “the new common vulnerabilities and exposure (CVE), CVE-2025-53770, is a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations with on-premise SharePoint servers.” | ABC News