SharePoint Vulnerabilities: What you need to know

Disrupting Active Exploitation of On-Premises SharePoint Vulnerabilities: What You Need to Know

On July 19, 2025, the Microsoft Security Response Center (MSRC) confirmed widespread, active attacks targeting on-premises SharePoint servers. Cybercriminals are exploiting newly disclosed vulnerabilities, notably CVE-2025-53770 and CVE-2025-53771, resulting in significant risk for organizations maintaining outdated or unpatched environments [1, 3, 5].

How the Attacks Unfold

Threat actors are leveraging an authentication bypass and remote code execution exploit through specially crafted POST requests to the SharePoint ToolPane endpoint. Upon breaching a server, they typically deploy a malicious web shell (for example, spinstall0.aspx or variants like spinstall1.aspx), which executes commands to exfiltrate sensitive MachineKey data. This critical information can then be used for ongoing, undetected persistence and lateral movement across the victim’s network [1, 5].

Attackers have demonstrate...
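
The two indicators described above (POST requests to the ToolPane endpoint and requests for spinstall0.aspx or its variants) can be hunted in IIS logs. The following is an added example, not code from the original page or from Microsoft: a Python triage of IIS W3C logs that flags both indicators and the client IPs that show them together. The log lines are constructed, and the `ToolPane.aspx` file name and `/_layouts/15/` path are assumptions, since the page names only the "ToolPane endpoint".

```python
import re

# Constructed IIS W3C log excerpt (documentation-range IPs, not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2025-07-19 08:01:12 GET /_layouts/15/start.aspx 198.51.100.7 200
2025-07-19 08:02:40 POST /_layouts/15/ToolPane.aspx 203.0.113.9 200
2025-07-19 08:02:44 GET /_layouts/15/spinstall0.aspx 203.0.113.9 200
2025-07-19 08:05:03 GET /_layouts/15/SPINSTALL1.aspx 192.0.2.33 404
2025-07-19 08:06:10 POST /_layouts/15/ToolPane.aspx 198.51.100.7 401
"""

# Assumption: the ToolPane endpoint is served as a file named ToolPane.aspx.
TOOLPANE = re.compile(r"/toolpane\.aspx$", re.I)
# Web shell names from the page: spinstall0.aspx and numbered variants.
WEBSHELL = re.compile(r"/spinstall\d*\.aspx$", re.I)

def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip malformed or truncated rows
                yield dict(zip(fields, values))

def triage(text):
    """Collect ToolPane POSTs, web shell requests, and IPs that show both."""
    posts, shells = [], []
    for r in parse_w3c(text):
        stem = r.get("cs-uri-stem", "")
        if r.get("cs-method") == "POST" and TOOLPANE.search(stem):
            posts.append(r)
        elif WEBSHELL.search(stem):
            shells.append(r)
    served = [r for r in shells if r.get("sc-status") == "200"]  # file exists on disk
    correlated = sorted({r.get("c-ip") for r in posts} & {r.get("c-ip") for r in served})
    return {"toolpane_posts": posts, "webshell_requests": shells,
            "webshell_served": served, "correlated_ips": correlated}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

A web shell request answered with status 200 means the file is present on the server and warrants incident response regardless of which client requested it; a 404 shows probing only.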