SharePoint Zero-Day Breach Hits Hundreds of Companies, Affecting Thousands of Users — Why PureOS and Linux Servers Are a Safer Alternative

(Even if you don’t read the article, it’s worth checking whether you are affected by this SharePoint Zero-Day, for those who are sometimes forced to interact with SharePoint, even if you never use Microsoft Windows.)

3 Likes

From Hacker News, a more technical description of several flaws being chained together for the attack:

The vulnerabilities, which affect on-premises SharePoint servers, have been found to leverage incomplete fixes for CVE-2025-49706, a spoofing flaw, and CVE-2025-49704, a remote code execution bug. The bypasses have been assigned the CVE identifiers CVE-2025-53771 and CVE-2025-53770, respectively.

In the attacks observed by Microsoft, the threat actors have been found exploiting on-premises SharePoint servers through a POST request to the ToolPane endpoint, resulting in an authentication bypass and remote code execution.

3 Likes
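
A defender-side check for the request pattern described in the quoted report, as an added example that is not part of the original posts: it scans IIS W3C-format logs for POST requests whose URI names the ToolPane endpoint. The log lines, paths and IP addresses below are constructed, and the check assumes the server logs the `cs-method` and `cs-uri-stem` fields.

```python
# Constructed sample in IIS W3C extended log format (not real traffic).
# Paths and IPs are illustrative; the filter keys only on the POST method
# and the "ToolPane" endpoint name, which is what the quoted report states.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2025-07-19 08:01:12 GET /_layouts/15/start.aspx 198.51.100.7 200
2025-07-19 08:02:40 POST /_layouts/15/ToolPane.aspx 203.0.113.50 200
2025-07-19 08:03:05 GET /_layouts/15/ToolPane.aspx 198.51.100.7 302
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2025-07-19 09:15:33 203.0.113.50 POST /_layouts/15/toolpane.aspx 401
2025-07-19 09:16:02 198.51.100.9 POST /_vti_bin/client.svc 200
"""


def find_toolpane_posts(lines):
    """Return one dict per POST request whose URI stem names ToolPane."""
    fields, hits = [], []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            # IIS rewrites this directive when logging settings change,
            # so column positions must be re-read each time it appears.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed entry
        row = dict(zip(fields, values))
        if (row.get("cs-method", "").upper() == "POST"
                and "toolpane" in row.get("cs-uri-stem", "").lower()):
            hits.append(row)
    return hits


def summarize(hits):
    """Group hits by client IP so repeated sources stand out."""
    by_ip = {}
    for row in hits:
        by_ip.setdefault(row.get("c-ip", "?"), []).append(
            (row.get("date"), row.get("time"), row.get("sc-status")))
    return by_ip


if __name__ == "__main__":
    for ip, events in summarize(find_toolpane_posts(SAMPLE_LOG.splitlines())).items():
        print(ip, events)
```

A match means only that the endpoint received a POST; it is a lead for review, not proof of exploitation.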