A serious cybersecurity threat has emerged for organizations using Microsoft SharePoint on-premises servers. A zero-day vulnerability, now identified as CVE-2025-53770, is being actively exploited by hackers. According to multiple cybersecurity firms, over 75 government and business servers have already been compromised across different regions.
The flaw enables attackers to remotely execute code and spoof trusted sources, granting them deep access to critical infrastructure. While Microsoft has issued emergency patches, experts are warning that many systems may already be compromised, even those that have been recently updated.
Unlike cloud-based Microsoft 365, this exploit specifically targets locally hosted SharePoint servers. The issue not only allows attackers to break in but may also let them extract cryptographic keys, granting long-term access even after patches are applied.
Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) are urging immediate action:
- Apply emergency patches released for SharePoint 2019 and Subscription Edition.
- Disconnect affected servers from the internet temporarily.
- Rotate cryptographic keys and access tokens after patching to prevent re-entry; a patch alone does not revoke keys an attacker has already extracted.
- Monitor systems for unusual activity, including servers that have already been patched, since patching does not remove an intruder who was present beforehand.
The FBI has also issued advisories, highlighting the potential national security risks associated with this vulnerability.
This incident underscores a growing challenge for organizations relying on self-managed infrastructure. While cloud services like Microsoft 365 offer frequent updates and built-in protections, many enterprises still operate critical systems on-premises for greater control. However, that control comes with increased responsibility and risk. The SharePoint breach reveals how slow patch adoption and misconfigured servers can leave large institutions vulnerable to highly coordinated cyberattacks. As threat actors grow more sophisticated, businesses must rethink their security strategies, balancing autonomy with agility, and ensuring their IT teams are equipped to respond quickly when zero-day threats emerge.