1

A sophisticated cyberattack campaign targeting Microsoft SharePoint servers has been discovered exploiting a newly weaponized vulnerability chain dubbed “ToolShell,” enabling attackers to gain complete remote control over vulnerable systems without authentication.

This has been active a few days, but as a heads up, if you have an on-premises SharePoint, please patch and look for IoCs.

There is currently no fix, but there are workarounds.

10 Spice ups
2

Fix has been released

Customer guidance for SharePoint vulnerability CVE-2025-53770 | MSRC Blog | Microsoft Security Response Center

6 Spice ups
3

Thank you for posting this!

1 Spice up