A critical zero-day vulnerability in Microsoft SharePoint has triggered a widespread cyberattack affecting tens of thousands of on-premises servers across government agencies, businesses, and universities worldwide. The vulnerability, identified as CVE-2025-53770, enables attackers to gain unauthorized access to internal SharePoint environments, which are often linked to tools like Outlook and Teams. The flaw allows spoofing attacks, in which intruders pose as trusted sources to steal data, harvest credentials, and maintain long-term access using cryptographic keys.
Microsoft has confirmed active exploitation and released patches for SharePoint Subscription Edition and SharePoint 2019. SharePoint 2016 remains unpatched, though fixes are in progress. SharePoint Online users in Microsoft 365’s cloud environment are not affected.
Victims reportedly include U.S. federal and state agencies, European governments, energy firms, a Brazilian university, and an Asian telecom company. In some cases, attackers hijacked public document repositories, locking out legitimate users. Experts warn that organizations already compromised may remain at risk even after patching, as attackers could retain access via stolen keys.
Microsoft has urged administrators to apply available updates immediately, monitor for unusual activity, and follow detection and mitigation guidance. The situation is evolving, with further patches and investigation expected in the coming days.
