CISA Issues Alert on Microsoft SharePoint 0-Day RCE Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security alert regarding a critical zero-day vulnerability in Microsoft SharePoint Server that is being actively exploited in cyberattacks.

The vulnerability, tracked as CVE-2025-53770, represents a significant threat to organizations running on-premises SharePoint installations.

The flaw stems from a deserialization of untrusted data vulnerability within Microsoft SharePoint Server on-premises environments.

This weakness allows unauthorized attackers to execute arbitrary code remotely over a network, potentially giving cybercriminals complete control over affected systems.

The vulnerability is classified under Common Weakness Enumeration (CWE-502), which relates to the unsafe processing of serialized data from untrusted sources.

Immediate Response Required

CISA has designated July 21, 2025, as the critical deadline for organizations to implement protective measures, just one day after the vulnerability was added to the agency’s Known Exploited Vulnerabilities Catalog on July 20, 2025.

This extremely tight timeline underscores the severity of the ...