A new security bug in Microsoft SharePoint is being exploited by hackers, who are… Out of the box, SharePoint includes role-based security, and you can use…
A newly discovered security flaw, identified as CVE-2025-53771, has come to light and is currently being actively exploited by hackers.
According to CISA (the U.S. Cybersecurity and Infrastructure Security Agency), this bug in Microsoft SharePoint allows hackers to steal digital security keys from servers without needing any passwords or login credentials.
Once these keys are stolen, attackers can use them to access sensitive files, install malware, and move deeper into the company’s network. Since SharePoint often connects with other services like Outlook, OneDrive, and Teams, the risk of further compromise increases significantly.
In simple terms, this vulnerability gives hackers a way in—without even needing to log in.
Experts are warning that if your organization uses SharePoint on self-managed servers, and they are exposed to the internet, you should assume the system is already compromised.
Until Microsoft releases an official patch to fix the issue, disconnecting vulnerable servers from the internet is strongly recommended as the safest step.
This security issue affects all versions of SharePoint Server starting from 2016 and onwards. Most businesses use these versions to host the platform on their own servers for storing and sharing internal data.
Microsoft has confirmed the issue and is actively working on developing a solution. However, as of now, no official security patch has been released for many of the affected versions.
This means that many companies remain exposed to the risk, and until Microsoft provides a solution, they need to take precautions on their own to stay protected.
Cybersecurity firm Eye Security, which was the first to report this vulnerability, said it found dozens of affected SharePoint servers already compromised on the internet.
They also warned that since SharePoint is connected to other apps like Outlook, Teams, and OneDrive, a single breach could lead to a much larger network intrusion.
In simple terms, if hackers get into one system, they could easily move into others. That is why businesses need to act quickly and take necessary precautions.
There are calls for businesses to act now. Experts say if a SharePoint server is publicly exposed to the internet, it should be considered compromised. For now, they are suggesting that affected systems be disconnected from the internet.
The source of the attack is unclear, but it is the latest in a series of major cyberattacks that have focused attention on hacking groups tied to China and Russia, as well as hacking related to Microsoft platforms.
Stay alert. Patch fast. And if in doubt—disconnect.
