Microsoft has released updates to patch a critical zero-day flaw in Microsoft SharePoint Server that attackers have already been hammering in an ongoing wave of attacks against US federal and state agencies as well as other international organizations.
The attack chain involves exploiting the critical flaw, tracked as CVE-2025-53770 with a 9.8 CVSS score, and a path traversal vulnerability tracked as CVE-2025-53771. CVE-2025-53770 exists due to “deserialization of untrusted data in on-premises Microsoft SharePoint Server,” according to the listing for the flaw in the National Vulnerability Database.
This “allows an unauthorized attacker to execute code over a network,” according to the listing.
Keep reading this article in Dark Reading, a DCN partner site
