Microsoft Warns of Attacks Exploiting SharePoint Server Vulnerability CVE-2025-53770

Microsoft has confirmed that attackers are actively exploiting a critical vulnerability affecting on-premises SharePoint Server installations. The vulnerability, now tracked as CVE-2025-53770, is a variant of a previously disclosed issue identified as CVE-2025-49706. According to Microsoft, this specific threat is currently being used in targeted attacks, raising concerns for organizations relying on SharePoint Server for collaboration and document management.

Security teams at Microsoft have acknowledged the severity of the situation and are working to develop and release a dedicated security update. While the patch is being finalized, Microsoft has published a set of mitigations and detection methods on its official security blog to help system administrators protect their infrastructure. These guidelines aim to assist customers in reducing exposure and identifying potential indicators of compromise while a permanent fix is being prepared.

The exploitation appears to be limited to on-premises SharePoint Server environments. There is no indication so far that Microsoft 365 or cloud-based SharePoint services are affected by this specific vulnerability. However, due to the widespread use of on-premises SharePoint solutions in enterprises and government agencies, Microsoft is urging all users to review the advisory and implement the recommended mitigations immediately.

Microsoft’s advisory emphasizes the importance of monitoring systems for suspicious activity and applying temporary workarounds if patching is not currently feasible. The company has assured customers that it will provide further updates as its investigation progresses and once a full security patch becomes available. Organizations are encouraged to stay updated by regularly checking Microsoft’s official channels for the latest guidance.

The security community has also taken note of the exploit, as the CVE-2025-53770 variant appears to present a new attack vector not fully addressed by previous updates related to CVE-2025-49706. This underlines the need for ongoing vigilance even in systems that may have been patched for the original vulnerability. Early analysis suggests that attackers are leveraging this variant to bypass existing protections and gain unauthorized access to sensitive SharePoint resources.

Microsoft has provided a direct link to its blog, where detailed technical information, mitigation instructions, and detection rules have been outlined. The guidance includes recommended configuration changes and logging practices to identify potential compromise attempts. Admins are advised to prioritize this threat and assess their risk exposure promptly.

As more information becomes available, Microsoft plans to share further advisories to ensure its enterprise customers remain informed and protected. Until a full patch is released, the combination of the outlined mitigations and proactive monitoring remains the primary defense against this ongoing exploit. The full advisory and instructions are accessible on Microsoft’s official blog at: https://msft.it/6042s8oCi.

Source: LinkedIn
