Week 30 – Update your on-prem SharePoint ASAP

21 – 27 July 2025

In recent days the cybersecurity community has been focused on newly discovered critical SharePoint vulnerabilities, so picking our CVE of the Week was easy.

The issue with the highest score is tracked as CVE-2025-53770 and carries a critical CVSS score of 9.8. Affected products are on-prem SharePoint Server 2016, 2019 and Subscription Edition; SharePoint Online in Microsoft 365 is not affected.

The flaw is a deserialization of untrusted data bug that allows unauthenticated remote code execution (RCE). Attackers send specially crafted HTTP POST requests to endpoints such as /_layouts/15/ToolPane.aspx, bypassing authentication and dropping a malicious web shell such as spinstall0.aspx. That backdoor is not an interactive shell: its job is to read the server's ASP.NET machine keys (ValidationKey and DecryptionKey). With those keys an attacker can forge signed ViewState payloads and keep executing code on the server even after it has been patched, and can use the foothold for privilege escalation or lateral movement.
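The request pattern above leaves traces in the IIS logs of the SharePoint front end. The script below is an added example, not code from the original post or from Microsoft: it parses IIS W3C log lines and flags POSTs to ToolPane.aspx whose Referer is /_layouts/SignOut.aspx (the bypass indicator named in Microsoft's hunting guidance), unauthenticated POSTs to ToolPane.aspx, and any request for spinstall0.aspx. The sample log is constructed, the hosts and addresses are fictional, and the column layout is assumed to be the standard IIS W3C #Fields header.

```python
"""Added example: hunt IIS W3C logs for the ToolShell request pattern.

Not code from the original post or from Microsoft. Indicators checked:
  * POST to ToolPane.aspx whose Referer ends in /_layouts/SignOut.aspx
  * POST to ToolPane.aspx with no authenticated user (cs-username "-")
  * any request for spinstall0.aspx, the web shell named in the post
Column names follow the standard IIS W3C #Fields header (assumed).
"""
from dataclasses import dataclass
from typing import Dict, Iterable, Iterator, List, Optional


@dataclass
class Finding:
    reason: str
    client_ip: str
    timestamp: str
    uri: str


# Constructed sample log (not real traffic); hosts and addresses are fictional.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2025-07-19 10:02:11 10.0.0.5 GET /sites/hr/default.aspx - 443 CONTOSO\\jdoe 10.0.0.20 Mozilla/5.0 - 200 0 0 120
2025-07-19 10:03:40 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit 443 - 203.0.113.7 Mozilla/5.0 /_layouts/SignOut.aspx 200 0 0 310
2025-07-19 10:03:52 10.0.0.5 GET /_layouts/15/spinstall0.aspx - 443 - 203.0.113.7 Mozilla/5.0 - 200 0 0 15
2025-07-19 10:05:01 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit 443 CONTOSO\\admin 10.0.0.21 Mozilla/5.0 https://sp.contoso.local/_layouts/15/start.aspx 200 0 0 90
"""


def parse_w3c(lines: Iterable[str]) -> Iterator[Dict[str, str]]:
    """Yield one dict per data line, keyed by the most recent #Fields header."""
    fields: Optional[List[str]] = None
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#"):            # #Software, #Version, #Date lines
            continue
        if fields is None:
            raise ValueError("data line before #Fields header")
        values = line.split(" ")            # IIS encodes spaces inside values as '+'
        if len(values) != len(fields):      # malformed line: skip, never mis-align columns
            continue
        yield dict(zip(fields, values))


def hunt(lines: Iterable[str]) -> List[Finding]:
    """Return suspicious requests in log order. Hits are leads, not proof."""
    findings: List[Finding] = []
    for rec in parse_w3c(lines):
        method = rec.get("cs-method", "").upper()
        stem = rec.get("cs-uri-stem", "").lower()
        referer = rec.get("cs(Referer)", "-").lower()
        user = rec.get("cs-username", "-")
        ip = rec.get("c-ip", "?")
        ts = f"{rec.get('date', '')} {rec.get('time', '')}"
        if stem.endswith("/spinstall0.aspx"):
            findings.append(Finding("web shell path requested", ip, ts, stem))
        elif method == "POST" and stem.endswith("/toolpane.aspx"):
            if referer.endswith("/_layouts/signout.aspx"):
                findings.append(Finding("ToolPane.aspx POST with SignOut.aspx referer", ip, ts, stem))
            elif user == "-":
                findings.append(Finding("unauthenticated POST to ToolPane.aspx", ip, ts, stem))
        # Authenticated POSTs to ToolPane.aspx with an ordinary referer are normal
        # web part editing and are deliberately not flagged (false positive control).
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG.splitlines()):
        print(f"{f.timestamp} {f.client_ip} {f.reason} ({f.uri})")
```

Run it against a real log with `hunt(open(path, encoding="utf-8"))`. The fourth sample line, an authenticated administrator editing a page, is intentionally left unflagged; a hit on the other two patterns should start an incident, not close one, since the web shell may already have been deleted after the keys were read.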

Unfortunately, the CVE is being exploited in the wild alongside CVE-2025-53771, CVE-2025-49704 and CVE-2025-49706. CVE-2025-53770 and CVE-2025-53771 are variants of CVE-2025-49704 and CVE-2025-49706, whose July Patch Tuesday fixes were bypassed; the newer updates address all four. According to Microsoft, this campaign has impacted hundreds of organizations across government, education and the private sector.

Microsoft has already published security updates, so apply them as soon as possible. Patching alone is not enough: rotate the ASP.NET machine keys and restart IIS afterwards, because keys stolen before the update remain valid and let an attacker keep executing code on a patched server, and enable AMSI (Antimalware Scan Interface) integration in Full Mode with Microsoft Defender Antivirus on every SharePoint server. If a server was exposed to the internet before it was patched, treat it as potentially compromised and check the IIS logs and the LAYOUTS directory for spinstall0.aspx and unusual POST requests to ToolPane.aspx before considering it clean.

For further information, read the MS Security Blog:
https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/


White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect its deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024.

With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.

They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.