Technology News
English Edition
  • Home
  • Internet
  • Internet News
  • Microsoft SharePoint Servers in Thousands of Firms Targeted Using ToolShell Zero Day Vulnerability

Microsoft SharePoint Servers in Thousands of Firms Targeted Using ToolShell Zero-Day Vulnerability

Unknown threat actors are using a weaponised version of an exploit showcased at Pwn2Own Berlin in May to target SharePoint servers around the world.

Written by David Delima | Updated: 21 July 2025 16:55 IST
Microsoft SharePoint Servers in Thousands of Firms Targeted Using ToolShell Zero-Day Vulnerability

Photo Credit: Unsplash/ Ed Hardie

Microsoft has urged customers to install the latest security patches on SharePoint servers

Highlights
  • SharePoint servers are being actively targeted using an RCE exploit
  • Attackers can gain persistent access to a system even after a reboot
  • Microsoft has patched two versions of its SharePoint server software
Advertisement

Microsoft's SharePoint software for servers is being targeted by malicious actors using a remote code execution (RCE) vulnerability to gain unauthorised access, according to the company. The security flaw allows threat actors to target on-premise servers at thousands of firms with SharePoint servers. Researchers state that once attackers have breached these servers, they can gain persistent access, even if the server is patched. Microsoft says it has rolled out a security patch that can mitigate active attacks, and more are on the way.

Threat Actors Gain Persistent Access to Microsoft SharePoint Servers 

The vulnerability affecting SharePoint on-premise servers was reported on July 18 by researchers at European cybersecurity firm Eye Security. They explained that threat actors are using a zero-day, or previously unknown vulnerability, (which has since been identified as CVE-2025-53770 and CVE-2025-53770) to gain access to servers, without using brute force attacks or phishing.

The new zero-day vulnerability is a weaponised version of an exploit that was showcased at Pwn2Own Berlin (a security contest) earlier this year. The US CISA warns that threat actors can execute code on the network, and gain access to all SharePoint content on a server, such as internal configurations or file systems.

According to the researchers, these attackers could use stolen keys to act on behalf of legitimate users. As a result, these attackers can modify components and install other code that lets them retain access to the servers after security patches are installed, or the systems are rebooted.

Palo Alto Networks' Unit 42 wrote on X (formerly Twitter) that the threat intelligence team was observing "active global exploitation" of SharePoint vulnerabilities that were being used to target organisations around the world. Additional details of these attacks were shared via Unit 42's GitHub threat intel repository.

A day later, the Microsoft Security Response Center (MSRC) issued an advisory that confirms the security flaw is being actively exploited by threat actors. The company says it has released a security patch to protect SharePoint Subscription Edition and SharePoint 2019 servers against active attacks using this exploit. 

At the time of publishing this story, Microsoft has yet to roll out a security update for SharePoint 2016 servers. The company's advisory also urges customers to apply the July 2025 security updates, set up the Antimalware Scan Interface (AMSI) in SharePoint, and deploy Microsoft Defender or similar solutions.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Microsoft, SharePoint, RCE, Vulnerability, Cyberattack, Cybersecurity, Security Flaws, Zero Days, Zero Day Flaws, Security, ToolShell
David Delima
David Delima
As a writer on technology with Gadgets 360, David Delima is interested in open-source technology, cybersecurity, consumer privacy, and loves to read and write about how the Internet works. David can be contacted via email at DavidD@ndtv.com, on Twitter at @DxDavey, and Mastodon at mstdn.social/@delima. More
OnePlus Could Unveil a Compact Flagship Tablet Alongside OnePlus 13T Successor

Related Stories

Microsoft SharePoint Servers in Thousands of Firms Targeted Using ToolShell Zero-Day Vulnerability
Comment
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News
Turbo Read

Advertisement

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi

Advertisement

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Flipkart Big Billion Days Sale Date Revealed, Will Compete With Amazon Sale
  2. Top OTT Releases of the Week (Sept 1 - Sept 7): Know What to Watch
  3. Hubble Spots Interstellar Comet 3I/ATLAS as It H\eads for Mars
  4. Amazon Great Indian Festival 2025 Sale Will Begin on This Date
  5. Oppo Reno 14 FS 5G Launches in Select Global Markets With These Features
  6. Samsung Galaxy S25 FE Launched With Exynos 2400 SoC: See Price
  7. Tecno Pova Slim 5G Launched in India With 5.95mm Thin Profile: See Price
  8. Samsung Launches Galaxy Tab S11 Series With Galaxy AI, These Features
  9. NASA Tracks Newly Discovered Bus-Sized Asteroid as It Flies Past Earth
  10. Oppo Set to Release ColorOS 16 Based on Android 16 in October 2025
#Latest Stories
  1. ISRO Tests Parachutes for Gaganyaan Crew Module in Key Rocket-Sled Trial
  2. India’s PRATUSH Computer Could Detect Signals From the Universe’s First Stars: Report
  3. NASA Tracks Newly Discovered Bus-Sized Asteroid as It Flies Past Earth
  4. Ashneer Grover’s Rise and Fall to Premiere on OTT Soon: All the Details
  5. Dyson PencilVac Unveiled Alongside 10 New Floor Cleaners, Air Purifiers and Hair Dryers at IFA 2025
  6. NASA's Hubble Captures Interstellar Comet 3I/ATLAS Ahead of Close Mars Flyby
  7. Raju Jeyamohan-Starrer Bun Butter Jam to Stream on OTT Soon: Know When, Where to Watch Online
  8. Kannappa Now Streaming Online: Know When and Where to Watch This Vishnu Manchu-Starrer Online
  9. NASA’s James Webb Space Telescope Spots Rare Quintet of Galaxies From the Early Universe
  10. Lunar Eclipse September 2025: Know Who Will Get to See the Blood Moon on September 7
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.
Trending Products »
Latest Tech News »