Emergency Updates Fix 2 Zero-Day Vulnerabilities in SharePoint

⚡ TL;DR | Go Straight to the SharePoint Vulnerability Audit Report

Microsoft has released emergency security updates for SharePoint fixing 2 zero-day vulnerabiltiies that have already been exploited and are threatening services worldwide. We have added a new report to Lansweeper that allows you to find vulnerable installs that need to be updated to keep your network safe.

SharePoint Vulnerabilities CVE-2025-53770 and CVE-2025-53771

The vulnerabilites tracked as CVE-2025-53770 and CVE-2025-53771 are a RCE and spoofing vulnerability respecitvely with a critical severity rating. Together they are being exploited in ToolShell attacks on SharePoint servers worldwide, which have impacted at least 54 organizations so far. The vulnerabilities apply only to on-premise SharePoint servers. SharePoint Online in Microsoft 365 is not impacted. You can find more details and update instructions in Microsoft’s advisories for CVE-2025-53770 and CVE-2025-53771.

These vulnerabilities were discovered in the wake of 2 other vulnerabilities (CVE-2025-49706 and CVE-2025-49704) that were discovered in May and patched in the July Patch Tuesday update, bypassing these earlier fixes.

Update Vulnerable SharePoint Installations

Microsoft has released a number of emergency security updates for Microsoft SharePoint Subscription Edition, SharePoint 2019, and SharePoint 2016 fixing both zero-day flaws. These include more robust protections than the earlier than the updates from Patch Tuesday. Users should install the following updates immediately:

• The KB5002754 update for Microsoft SharePoint Server 2019 Core and KB5002753 for the Microsoft SharePoint Server 2019 Language Pack.
• The KB5002760 update for Microsoft SharePoint Enterprise Server 2016 and KB5002759 for the Microsoft SharePoint Enterprise Server 2016 Language Pack.
• The KB5002768 update for Microsoft SharePoint Subscription Edition.

Further instructions on how to protect your environment once these updates have been installed can be found in Microsoft’s Customer Guidance blog.

Discover Vulnerable SharePoint Installs

Both vulnerabilities CVE-2025-53770 and CVE-2025-53771 can be found in Lansweeper’s Security Insights in the Cloud console, providing all vulnerability details, as well as a list of affected assets, or you can use the on-prem report to discover and affected installs. This will give you a list of installs that are at risk and need to be updated. You can find the vulnerability pages or the report via the link below.