Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief

SUMMARY :

Several critical vulnerabilities in Microsoft SharePoint are being actively exploited, targeting on-premises servers in government, education, healthcare, and large enterprises. The vulnerabilities allow unauthenticated attackers to bypass security controls and gain privileged access, leading to data exfiltration and backdoor deployment. Immediate actions recommended include patching, disconnecting vulnerable servers, rotating cryptographic material, and engaging professional incident response. Multiple variations of exploitation have been observed, involving command execution and web shell creation. Palo Alto Networks products offer various protections against these threats, including detection and blocking capabilities.

OPENCTI LABELS :

exploitation,vulnerability,web shell,sharepoint,cve-2025-53771,cve-2025-53770,cve-2025-49704,cve-2025-49706,on-premises,unauthenticated access


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief