Urgent Security Advisory: Critical SharePoint Vulnerability CVE-2025-53770

July 21, 2025

A newly disclosed critical vulnerability, CVE-2025-53770, is currently being actively exploited and puts on-premises SharePoint Server environments at serious risk. If your organization runs SharePoint Server on-premises, it's crucial you act now to secure your systems.

Who’s Affected?

  • Impacted: SharePoint Server on-premises customers (including Subscription Edition, 2019, and 2016 versions).
  • Not Impacted: SharePoint Online customers using Microsoft 365.

What You Need To Do

Apply Security Updates Immediately

  • SharePoint Subscription Edition & 2019: Microsoft has released patches that fully address CVE-2025-53770 and the related CVE-2025-53771. Install these updates without delay.
  • SharePoint 2016: A patch is not yet available. Monitor Microsoft’s official blog closely for release updates.

Implement Essential Security Mitigations

  • Stay Current: Always run supported SharePoint versions and apply the latest security patches.
  • Enable AMSI Protection: Ensure the Antimalware Scan Interface (AMSI) is configured and running with a modern antivirus like Microsoft Defender Antivirus.
  • Deploy Defender for Endpoint: Extend Microsoft Defender for Endpoint to all SharePoint servers.
  • Rotate ASP.NET Machine Keys: Refresh machine keys via PowerShell or Central Administration to help prevent key reuse or compromise.
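
One way to carry out the machine key rotation step from PowerShell, as an added example that is not part of the original advisory. It assumes an elevated SharePoint Management Shell on a farm server, run by a farm administrator, and uses the Set-SPMachineKey and Update-SPMachineKey cmdlets; the per-web-application loop and the variable names are illustrative.

```powershell
# Added example: rotate ASP.NET machine keys for every web application in the farm.
# Assumption: elevated SharePoint Management Shell on a farm server, farm administrator account.
$ErrorActionPreference = 'Stop'

# Load the SharePoint cmdlets if this is a plain PowerShell session.
if (-not (Get-Command Get-SPWebApplication -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

$failed = @()
foreach ($webApp in Get-SPWebApplication -IncludeCentralAdministration) {
    try {
        # Generate a new machine key for this web application ...
        Set-SPMachineKey -WebApplication $webApp
        # ... and deploy it to the farm.
        Update-SPMachineKey -WebApplication $webApp
        Write-Host "Rotated machine key: $($webApp.Url)"
    }
    catch {
        # Record the failure and keep going so one web application does not block the rest.
        $failed += $webApp.Url
        Write-Warning "Rotation failed for $($webApp.Url): $($_.Exception.Message)"
    }
}

# Fail loudly if any web application still carries its old key.
if ($failed.Count -gt 0) {
    throw "Machine key rotation incomplete for: $($failed -join ', ')"
}

# Restart IIS so worker processes pick up the new keys.
# This restarts the local server only.
iisreset.exe /noforce
```

Run `iisreset.exe` on every SharePoint server in the farm after the rotation, not only on the server where the script ran.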

How Microsoft Defender Can Help

Microsoft Defender provides built-in detection and response for threats linked to CVE-2025-53770:

  • Look for Alerts: Use Defender Antivirus and Defender for Endpoint to flag suspicious file activity or PowerShell behavior.
  • Use Vulnerability Management: Defender’s Vulnerability Management can identify unpatched systems and assess your overall exposure.
  • Advanced Hunting: Utilize hunting queries to proactively search for indicators of compromise within your environment.

Act Now to Protect Your Environment

Carrier Access IT urges all on-premises SharePoint users to follow Microsoft’s official guidance and implement the necessary updates and protections. Delaying action could leave your systems exposed to real-world attacks already in progress.

If you need help patching or configuring your defenses, contact Carrier Access IT today. We're ready to help you respond fast and stay protected.

