The Reveal Platform
Intel Name: Active exploitation of microsoft sharepoint vulnerabilities: threat brief
Date of Scan: July 22, 2025
Impact: High
Summary: CVE-2025-53770 and CVE-2025-53771 impact on-premise Microsoft SharePoint Servers, enabling malicious file uploads and cryptographic key theft. These evolved from earlier flaws (CVE-2025-49704/49706), where incomplete patches left systems vulnerable to unauthenticated RCE via deserialization and ViewState abuse. Exploitation has been observed across sectors like finance, education, energy, and healthcare. Microsoft has patched Subscription Edition and Server 2019; a fix for Server 2016 is pending.
