Unauthorized access at Microsoft paves the way for digital intruders
A critical vulnerability has been discovered in Microsoft's SharePoint program, tracked as CVE-2025-53770. This remote code execution (RCE) flaw, with a CVSS score of 9.8, allows attackers to execute code remotely without authentication, potentially stealing data and passwords[1].
The vulnerability was first exploited by suspected Chinese hackers who gained access to emails in some US agencies via a Microsoft software vulnerability in 2023[2]. Since then, attackers have successfully attacked servers of two unnamed federal agencies in the US, and over 75 organizations globally have been breached in active, large-scale exploitation campaigns[3][4].
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-53770 to its Known Exploited Vulnerabilities Catalog, urging immediate patching and mitigation[2][4]. Microsoft has responded to the issue with updates, releasing patches on July 20-21, 2025, to fix the security gap[1].
The flaw affects on-premises SharePoint Server only; SharePoint Online in Microsoft 365 is not impacted. The vulnerability was discovered and reported by Viettel Cyber Security through Trend Micro's Zero Day Initiative[1].
The exploit chain that leverages these combined flaws is known as ToolShell, which has been used in widespread attacks[1][3][4]. Dutch company Eye Security and the security firm CrowdStrike have recommended isolating or shutting down affected servers due to attacks on "thousands" of servers[5].
Organizations using on-premises SharePoint Server are strongly advised to install the July 2025 security updates immediately to mitigate this critical threat and monitor for signs of compromise[1]. The identity of those behind the attacks remains unclear[2].
This incident serves as a reminder of the importance of regular software updates and vigilant cybersecurity practices. The Washington Post reported on this security breach, emphasizing the need for prompt action to protect sensitive data[6].
[1] TechTarget: "Microsoft SharePoint Server vulnerability CVE-2025-53770: What you need to know"
[2] The Washington Post: "Chinese hackers breached US government agencies via Microsoft vulnerability in 2023"
[3] ZDNet: "Microsoft SharePoint Server zero-day exploited in widespread attacks"
[4] CISA: "Known Exploited Vulnerabilities Catalog"
[5] Eye Security: "Statement on Microsoft SharePoint Server vulnerability CVE-2025-53770"
[6] The Washington Post: "Microsoft SharePoint Server zero-day exploited in widespread attacks"