A severe zero-day vulnerability in Microsoft SharePoint, identified as CVE-2025-53770, is being actively exploited by threat actors, with no official patch currently available. The flaw enables remote code execution (RCE), allowing attackers to gain full control of affected SharePoint servers—often without any user interaction.
First disclosed by Trend Micro’s Zero Day Initiative (ZDI) and reported by Help Net Security, the vulnerability has already been exploited in live attacks. It stems from improper request handling in SharePoint, which makes it possible for unauthenticated attackers to remotely execute arbitrary code. With no patch or official workaround available, security teams are on high alert.
Over 75 Microsoft SharePoint Servers Compromised: Microsoft Responds
According to BleepingComputer, Microsoft has acknowledged the active exploitation but has yet to provide a security update or concrete mitigation steps. The tech giant advises users to follow best practices in securing enterprise environments and closely monitor server activity for suspicious behavior.
According to the Times of India, more than 75 SharePoint servers have already been breached, affecting entities across government, financial services, and enterprise sectors. Security researchers warn that this is likely just the beginning, with advanced persistent threat (APT) groups and ransomware operators expected to adopt the exploit swiftly if a patch is further delayed.
The breach poses serious risks for organizations reliant on SharePoint for document management, collaboration, and internal operations, particularly those with externally facing servers.
Security Community Raises Alarm as Patch Delay Continues
The broader cybersecurity community has expressed growing concern about the incident’s potential fallout. The Register notes that SharePoint’s widespread enterprise adoption could make this zero-day one of the most impactful vulnerabilities of the year if left unresolved.
Organizations are being urged to limit internet exposure, segment their networks, and enforce firewall rules that restrict access to SharePoint servers. Experts also recommend disabling unnecessary services and increasing logging to detect anomalous activity. Some companies have already begun disabling SharePoint access temporarily until a patch is issued.
While Microsoft has not provided a release timeline for a SharePoint fix, the urgency is mounting. Security analysts stress that this incident highlights the growing frequency of zero-day exploits being weaponized before disclosure, leaving organizations dangerously exposed.
Until a patch is available, administrators are advised to stay updated through official Microsoft channels and implement all defensive measures to reduce attack surface and maintain operational resilience.