(Even if you don’t read the article, it’s worth checking whether you are affected by this SharePoint Zero-Day, for those who are sometimes forced to interact with SharePoint, even if you never use Microsoft Windows.)
3 Likes
From Hacker News, a more technical description of several flaws being chained together for the attack:
The vulnerabilities, which affect on-premises SharePoint servers, have been found to leverage incomplete fixes for CVE-2025-49706, a spoofing flaw, and CVE-2025-49704, a remote code execution bug. The bypasses have been assigned the CVE identifiers CVE-2025-53771 and CVE-2025-53770, respectively.
In the attacks observed by Microsoft, the threat actors have been found exploiting on-premises SharePoint servers through a POST request to the ToolPane endpoint, resulting in an authentication bypass and remote code execution.
3 Likes
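One way to check an on-premises server's web logs for the request pattern quoted above (POST requests to the ToolPane endpoint), as an added example that is not part of either post. It assumes IIS W3C extended logs with `cs-method`, `cs-uri-stem` and `c-ip` fields; the case-insensitive `toolpane` substring match and the sample log lines are constructed for illustration, and a hit is a lead to review, not proof of compromise.

```python
from collections import defaultdict

# Constructed sample in IIS W3C extended format (not real traffic).
# The field layout changes partway through, as it can after a logging
# reconfiguration, so columns must follow the latest #Fields directive.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2025-07-20 10:01:02 GET /example/Home.aspx - 192.0.2.10 200
2025-07-20 10:01:05 POST /example/ToolPane.aspx - 198.51.100.7 200
2025-07-20 10:01:09 GET /example/ToolPane.aspx - 192.0.2.10 401
2025-07-20 10:02:11 POST /example/toolpane.aspx - 198.51.100.7 302
2025-07-20 10:02:15 POST /example/ToolPane.aspx
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2025-07-20 10:03:00 203.0.113.5 POST /example/ToolPane.aspx 200
2025-07-20 10:03:04 203.0.113.5 POST /example/Upload.aspx 200
"""

def find_toolpane_posts(lines):
    """Return log records that are POST requests to a ToolPane URI."""
    fields, hits = [], []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split()
        if not fields or len(values) != len(fields):
            continue  # truncated or malformed entry: cannot map columns
        rec = dict(zip(fields, values))
        if (rec.get("cs-method", "").upper() == "POST"
                and "toolpane" in rec.get("cs-uri-stem", "").lower()):
            hits.append(rec)
    return hits

def summarize_by_client(hits):
    """Group hits by client IP -> list of 'date time status' strings."""
    by_ip = defaultdict(list)
    for r in hits:
        stamp = f"{r.get('date', '?')} {r.get('time', '?')} {r.get('sc-status', '?')}"
        by_ip[r.get("c-ip", "unknown")].append(stamp)
    return dict(by_ip)

if __name__ == "__main__":
    for ip, events in summarize_by_client(find_toolpane_posts(SAMPLE_LOG.splitlines())).items():
        print(ip, len(events), events)
```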