Microsoft released a security update to address a vulnerability in SharePoint, identified as CVE-2025-53770.
The vulnerability affects on-premises SharePoint Server products, including SharePoint Subscription Edition.
According to Microsoft, the vulnerability has been actively exploited in cyberattacks. The company has advised all affected users to apply the update immediately.
Microsoft’s Security Response Center published technical details outlining the vulnerability and its potential impact. The update is designed to reduce the risk of unauthorized access or data compromise resulting from the flaw.
The company also guided applying the update and implementing mitigation measures. Microsoft noted that systems may remain at risk if the update is not installed.
The cyberattacks targeting this vulnerability are ongoing. Microsoft is monitoring the situation and has committed to releasing further updates and support as needed.
Organizations using SharePoint systems are encouraged to assess their security configurations and follow Microsoft’s recommended practices.
Microsoft has not disclosed the number of affected systems but noted that SharePoint has widespread enterprise use globally.
The security update is available through Microsoft’s official support channels and applies to specific SharePoint Server editions listed in the company’s documentation.
