Microsoft SharePoint Zero-day

What is the Vulnerability?

A critical zero-day vulnerability in Microsoft SharePoint, identified as CVE-2025-53770, has been actively exploited in the wild since at least July 18, 2025. This vulnerability affects on-premises SharePoint Servers and currently has no available patch. Microsoft has confirmed that attackers are targeting this flaw, which appears to be a variant of the previously known CVE-2025-49706.

CVE-2025-53770 stems from the deserialization of untrusted data, allowing a remote, unauthenticated attacker to achieve arbitrary code execution over the network.

What is the recommended Mitigation?

Microsoft has released security updates that fully protect customers using SharePoint Subscription Edition and SharePoint 2019 against the risks posed by CVE-2025-53770 and CVE-2025-49706. Customers should apply these updates immediately to ensure they’re protected.

Refer to Microsoft’s advisory: Customer guidance for SharePoint vulnerability CVE-2025-53770 | MSRC Blog | Microsoft Security Response Center

- Follow recommended best practices and detection methods to reduce exposure.
- Monitor systems closely for signs of exploitation.

What FortiGuard Coverage is available?

  • FortiGuard Labs has proactively blocked all known Indicators of Compromise (IOCs) associated with this vulnerability.

  • FortiGuard Labs has released Intrusion Prevention Service (IPS) update version 33.049 to detect and block attack attempts targeting CVE-2025-53770 and CVE-2025-49706. Intrusion Prevention | FortiGuard Labs

  • FortiGuard Endpoint Vulnerability Service provides a systematic and automated method of patching, eliminating manual processes while reducing the attack surface.
    CVE-2025-49706 - Endpoint Vulnerability | FortiGuard Labs
    CVE-2025-53770 - Endpoint Vulnerability | FortiGuard Labs

  • The team is continuously monitoring for emerging threats and new IOCs, advising customers to apply Microsoft’s mitigation steps immediately and to monitor for security updates.

  • FortiGuard Labs has posted an Outbreak Alert, providing comprehensive information on the range of FortiGuard services available for detection and protection. View the full report for the latest updates. Microsoft SharePoint Zero-day Attack | Outbreak Alert | FortiGuard Labs

Outbreak Alert

FortiGuard Labs has detected and successfully blocked hundreds of exploitation attempts targeting a newly discovered zero-day vulnerability chain in on-premises Microsoft SharePoint servers. The chain is being actively exploited by multiple threat actors and poses a significant risk to a wide range of sectors, including government, education, healthcare, and large enterprises.

View the full Outbreak Alert Report