topic Microsoft Releases Guidance on Exploitation of SharePoint Vulnerability (CVE-2025-53770) in Industry News https://community.isc2.org/t5/Industry-News/Microsoft-Releases-Guidance-on-Exploitation-of-SharePoint/m-p/82405#M7577 <P>Dear All,</P><P>&nbsp;</P><P>CISA is aware of active exploitation of a new remote code execution (RCE) vulnerability enabling unauthorized access to on-premise SharePoint servers. While the scope and impact continue to be assessed, the new Common Vulnerabilities and Exposures (CVE), CVE-2025-53770, is a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations. This exploitation activity, publicly reported as “ToolShell,” provides unauthenticated access to systems and enables malicious actors to fully access SharePoint content, including file systems and internal configurations, and execute code over the network.</P><P>&nbsp;</P><P><A href="https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770" target="_blank">https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770</A></P><P><BR /><A href="https://research.eye.security/sharepoint-under-siege/" target="_blank">https://research.eye.security/sharepoint-under-siege/</A></P><P>&nbsp;</P><P><A href="https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-07-19-Microsoft-SharePoint-vulnerabilities-CVE-2025-49704-and-49706.txt" target="_blank">https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-07-19-Microsoft-SharePoint-vulnerabilities-CVE-2025-49704-and-49706.txt</A></P><P>&nbsp;</P><P><SPAN>It's always great to learn from each other, share experiences, and stay updated. Let's learn and explore together!</SPAN></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Sun, 20 Jul 2025 18:48:09 GMT Kyaw_Myo_Oo 2025-07-20T18:48:09Z Microsoft Releases Guidance on Exploitation of SharePoint Vulnerability (CVE-2025-53770) https://community.isc2.org/t5/Industry-News/Microsoft-Releases-Guidance-on-Exploitation-of-SharePoint/m-p/82405#M7577 <P>Dear All,</P><P>&nbsp;</P><P>CISA is aware of active exploitation of a new remote code execution (RCE) vulnerability enabling unauthorized access to on-premise SharePoint servers. While the scope and impact continue to be assessed, the new Common Vulnerabilities and Exposures (CVE), CVE-2025-53770, is a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations. This exploitation activity, publicly reported as “ToolShell,” provides unauthenticated access to systems and enables malicious actors to fully access SharePoint content, including file systems and internal configurations, and execute code over the network.</P><P>&nbsp;</P><P><A href="https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770" target="_blank">https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770</A></P><P><BR /><A href="https://research.eye.security/sharepoint-under-siege/" target="_blank">https://research.eye.security/sharepoint-under-siege/</A></P><P>&nbsp;</P><P><A href="https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-07-19-Microsoft-SharePoint-vulnerabilities-CVE-2025-49704-and-49706.txt" target="_blank">https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-07-19-Microsoft-SharePoint-vulnerabilities-CVE-2025-49704-and-49706.txt</A></P><P>&nbsp;</P><P><SPAN>It's always great to learn from each other, share experiences, and stay updated. Let's learn and explore together!</SPAN></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Sun, 20 Jul 2025 18:48:09 GMT https://community.isc2.org/t5/Industry-News/Microsoft-Releases-Guidance-on-Exploitation-of-SharePoint/m-p/82405#M7577 Kyaw_Myo_Oo 2025-07-20T18:48:09Z Re: Microsoft Releases Guidance on Exploitation of SharePoint Vulnerability (CVE-2025-53770) https://community.isc2.org/t5/Industry-News/Microsoft-Releases-Guidance-on-Exploitation-of-SharePoint/m-p/82408#M7578 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/604565541">@Kyaw_Myo_Oo</a>&nbsp; &nbsp; the motto about not putting all your eggs into the same basket is also relevant too.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_cautim</P> Sun, 20 Jul 2025 20:21:34 GMT https://community.isc2.org/t5/Industry-News/Microsoft-Releases-Guidance-on-Exploitation-of-SharePoint/m-p/82408#M7578 Caute_cautim 2025-07-20T20:21:34Z