Zero-Day Vulnerability in Microsoft SharePoint Puts Thousands at Risk
Hackers have exploited vulnerabilities in Microsoft’s SharePoint software, placing tens of thousands of on-premises servers utilized by global businesses and government agencies at significant risk. Microsoft confirmed on July 21, 2025, that it is addressing active attacks while working on a patch for the discovered zero-day exploit, reports 24brussels.
The vulnerability, first identified by researchers at Eye Security on July 18, allows hackers to access specific on-premises SharePoint versions and steal authentication keys. This issue lets attackers impersonate users or services even after servers have been rebooted or patched, indicating ongoing threats to already compromised systems. Fortunately, cloud versions of SharePoint remain unaffected.
Utilizing this zero-day exploit, hackers can extract sensitive data, gather passwords, and navigate through networks breached via services linked to SharePoint, including Outlook, Teams, and OneDrive. The exploit appears to have originated from vulnerabilities disclosed during the Pwn2Own hacking contest in May, which allowed unauthenticated access to SharePoint servers.
In response, Microsoft has issued patches to provide complete protection for SharePoint 2019 and SharePoint Subscription Edition servers. The company is also working on a patch for SharePoint 2016.
The US Cybersecurity and Infrastructure Security Agency (CISA) is currently assessing the full scope and impact of these attacks. It has advised disconnecting any impacted servers from the internet until an official resolution is in place. Reports indicate that the exploit has targeted US federal and state agencies, universities, energy companies, as well as an Asian telecommunications company.
CISA is evaluating the implications of this zero-day breach, emphasizing the importance of taking immediate action to secure vulnerable infrastructures and mitigate potential data breaches.
As investigations continue, organizations using Microsoft SharePoint are urged to remain vigilant and implement available security measures to protect their systems from this ongoing threat.
