CVE-2025-53770 & CVE-2025-53771: Critical On-Prem SharePoint Vulnerabilities

Cybereason is actively investigating exploitation of these vulnerabilities. Check the Cybereason blog for additional updates. 

Key Takeaways

Two zero-day vulnerabilities discovered in on-premise Microsoft SharePoint servers, tracked as CVE‑2025‑53770 and CVE‑2025‑53771.
Affected versions include: Subscription Edition – KB5002768, SharePoint 2019 – KB5002754, SharePoint 2016 – KB5002760. 
If exploited, these vulnerabilities could allow for remote code execution (RCE). 
Cybereason has observed ongoing active exploitation of these vulnerabilities through our Global SOC monitoring. 
With this exploit, we recommend taking an “assume compromised” posture, immediately patching impacted versions, and conducting incident response historical look back. BlogRead More