A critical, newly disclosed, and actively exploited vulnerability, CVE-2025-53770, affects all self-hosted (on-premises) Microsoft SharePoint Server versions. It does not affect SharePoint Online (Microsoft 365).
The exploit enables attackers to:
- Bypass authentication
- Install persistent backdoors
- Launch ransomware
- Steal sensitive data
Immediate Steps to Take:
- Patch all on-premises SharePoint servers immediately, following Microsoft guidance
- Disconnect unpatched servers from the Internet immediately
- For versions older than SharePoint 2016: …