High Threat Security Alert (A25-07-16): Multiple Vulnerabilities in Microsoft SharePoint Server

Description:

Microsoft released a security update to address vulnerabilities in Microsoft SharePoint Server. A remote attacker could entice a user to open a web page with specially crafted content on a vulnerable browser to exploit the vulnerabilities.

Reports indicated that the remote code execution vulnerability (CVE-2025-53770) is being exploited in the wild. Users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

Affected Systems:

• Microsoft SharePoint Server 2019 prior to 16.0.10417.20037
• Microsoft SharePoint Enterprise Server 2016 prior to 16.0.5513.1001
• Microsoft SharePoint Server Subscription Edition prior to 16.0.18526.20508

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, elevation of privilege, information disclosure, security restriction bypass or spoofing on an affected system.

Recommendation:

Patches for Microsoft SharePoint Server are available from the Windows Update / Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

• https://msrc.microsoft.com/update-guide/releaseNote/2025-Jul
• https://www.hkcert.org/security-bulletin/microsoft-monthly-security-update-july-2025
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53770
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53771