CISA Urges Federal Agencies: Fix Critical Microsoft SharePoint Server Flaw by July 21
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive. Federal agencies must fix a critical Microsoft 365 SharePoint Server flaw, tracked as CVE-2025-53770, by July 21, 2025. This vulnerability is actively exploited and poses a significant threat to networks.
CVE-2025-53770 is a deserialization vulnerability that allows unauthorized attackers to execute code remotely. It's a variant of CVE-2025-49706, patched in July 2025's Patch Tuesday updates. Attacks exploiting this flaw use stolen machine keys to persist and move laterally, making detection challenging without deep endpoint visibility.
CISA added this vulnerability to its Known Exploited Vulnerabilities catalog. Private organizations are urged to review this catalog and address the flaw in their Microsoft 365 infrastructure. Microsoft recommends enabling AMSI integration and deploying Microsoft Defender across all SharePoint Server farms for protection. The tech giant is also preparing a comprehensive update to address the issue.
The CVE-2025-53770 vulnerability in Microsoft 365 SharePoint Server has a CVSS score of 9.8, indicating its severe nature. With active exploitation, prompt action is necessary. Federal agencies have until July 21, 2025, to fix this vulnerability and protect their Microsoft 365 networks.