Microsoft Releases Guidance on Exploitation of SharePoint Vulnerability (CVE-2025-53770)

Home / Articles / External / Government

Hacking isometric illustration with infected server and laptops 3d
Image source: Freekpik

August 5, 2025 | Originally published by Cybersecurity & Infrastructure Security Agency (CISA) on July 20, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of active exploitation of a new remote code execution (RCE) vulnerability enabling unauthorized access to on-premise SharePoint servers. While the scope and impact continue to be assessed, the new Common Vulnerabilities and Exposures (CVE), CVE-2025-53770, is a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations. This exploitation activity, publicly reported as “ToolShell,” provides unauthenticated access to systems and enables malicious actors to fully access SharePoint content, including file systems and internal configurations, and execute code over the network.