Microsoft Confirms Hackers Exploiting SharePoint Flaws, Patch Now

Microsoft has released new security updates to fix two serious vulnerabilities affecting on-premises SharePoint servers, warning that attackers are already exploiting them in active campaigns.

The vulnerabilities, identified as CVE-2025-53770 and CVE-2025-53771, are not present in SharePoint Online, but on-premises environments using SharePoint 2019 and the SharePoint Subscription Edition are directly at risk.

According to Microsoft’s updated guidance, fixes for SharePoint 2019 and Subscription Edition are now available and fully address both vulnerabilities. However, SharePoint 2016 customers are still waiting, as Microsoft says updates for that version are still in development. In the meantime, the company recommends that affected users apply existing patches, enable key protections, and prepare for additional updates.

The two vulnerabilities are dangerous because they allow attackers to execute code and plant web shells on vulnerable servers. Microsoft says these attacks have already been seen in the wild, and one clear sign of compromise is the ...