NIKSUN advises organizations of a critical zero-day vulnerability affecting Microsoft SharePoint Server that requires urgent mitigation. It is tracked as CVE-2025-53770, with a Common Vulnerability Scoring System (CVSS) score of 9.8/10. This vulnerability is currently known to be exploited in active, large-scale attacks.
Potentially hundreds of thousands of Microsoft SharePoint servers are vulnerable to compromise in a widespread cyber-attack affecting both U.S. government agencies and private businesses. According to The Washington Post, at least two federal agencies are confirmed to have been impacted, highlighting the severity of the vulnerability. Authorities are urging organizations to disconnect affected servers or apply protective modifications to mitigate further risk.
This flaw enables unauthorized remote code execution through the deserialization of untrusted data prior to authentication, thus posing significant risk to on-premises SharePoint Server deployments. NIKSUN is critical in protecting such infrastructure.
For example, NIKSUN's platform includes:

- Automated vulnerability scanning to identify, in real time, hosts where the specific CVEs are found to exist; utilizing NIKSUN’s AI, it can discover and correlate all details about the affected hosts into one unified view
- Custom detection signatures to identify Indicators of Compromise (IOCs) and malicious SharePoint deserialization activity using NIKSUN's flagship NetDetectorLive solution, which can leverage NIKSUN’s threat intelligence for immediate detection and analysis of the exploit
- Real-time endpoint, infrastructure, and network alerts plus automated threat hunting to proactively uncover potential lateral movement or persistence methods related to this exploit
- Comprehensive visibility across applications, APIs, endpoints, networks, and cloud environments to enable rapid investigation and response without the need to jump between disparate tools
- Orchestrated response actions to enact automated remediations such as patching the vulnerability (once made available by Microsoft), blocking traffic, quarantining the host, and more

This attack, like most others, highlights the need for a comprehensive, all-in-one, “single pane of glass” monitoring solution to enable quick detection, response, and remediation. NIKSUN’s solutions uniquely provide such a capability.
Active clients can feel free to reach out to us for help with analysis from the world-class NIKSUN Security Operations Center (SOC) at support@niksun.com. Interested parties who do not currently utilize NIKSUN solutions and would like the capabilities described here should contac                