Key findings : A critical zero-day vulnerability (CVE-2025-53770 ) in SharePoint on-prem is actively being exploited in the wild. Dubbed “ToolShell,” the campaign enables unauthorized access to on-prem SharePoint servers, posing a serious risk to corporate environments Check Point Research identified the first signs of the exploitation on July 7th. Since then, we’ve confirmed dozens of compromised servers across government, telecommunications, and software sectors in North America and Western Europe. Alarmingly, we see that the attackers also leverage known Ivanti Endpoint vulnerabilities throughout the campaign. A critical zero-day SharePoint remote code execution (RCE) vulnerability, tracked as CVE-2025-53770 and nicknamed “ToolShell,” is currently […]
The post SharePoint Zero-Day CVE-2025-53770 Actively Exploited: What Security Teams Need to Know appeared first on Check Point Blog.
Read the original article: