• Privacy Policy
  • Advertise
  • Contact Us
  • Login
Egy Economy
Advertisement
  • Egy Economy
  • Economy
    • Local
    • International
  • Stock Markets
    • Stock Exchange
    • Cash
  • Prices
  • Real Estate
  • Tech
  • Tourism
  • More
    • Opinions
    • Success Story
    • Variety
  • العربية
No Result
View All Result
  • Egy Economy
  • Economy
    • Local
    • International
  • Stock Markets
    • Stock Exchange
    • Cash
  • Prices
  • Real Estate
  • Tech
  • Tourism
  • More
    • Opinions
    • Success Story
    • Variety
  • العربية
No Result
View All Result
Egy Economy
No Result
View All Result
Home Tech

Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief

إيجى إيكونومى by إيجى إيكونومى
23 July، 2025
in Tech
0
Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief
153
SHARES
1.9k
VIEWS
Share on FacebookShare on Twitter

Palo Alto Networks’ Unit 42 is tracking high-impact, ongoing threat activity targeting on-premises Microsoft SharePoint servers. While cloud environments remain unaffected, on-premises SharePoint deployments — particularly within government, schools, healthcare (including hospitals) and large enterprise companies — are at immediate risk.

CVE-2025-49704, CVE-2025-49706, CVE-2025-53770 and CVE-2025-53771 are a set of vulnerabilities that impact Microsoft SharePoint. CVE-2025-49704 and CVE-2025-49706, or CVE-2025-53770 and CVE-2025-53771 may be chained together, which can allow unauthenticated threat actors to access functionality that is normally restricted, to run arbitrary commands on vulnerable instances of Microsoft SharePoint.

In addition to the CVE reports, Microsoft has released further guidance on these vulnerabilities. The vulnerabilities, their CVSS scores and their descriptions are detailed in Table 1.

CVE Number Description CVSS Score

CVE-2025-49704

Improper control of generation of code (code injection) in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. 8.8

CVE-2025-49706

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. 6.5

CVE-2025-53770

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. 9.8

CVE-2025-53771

Improper limitation of a pathname to a restricted directory (path traversal) in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. 6.5

Table 1. List of recent vulnerabilities affecting Microsoft SharePoint.

These vulnerabilities all apply to Microsoft SharePoint Enterprise Server 2016 and 2019. CVE-2025-49706 and CVE-2025-53770 also apply to Microsoft SharePoint Server Subscription Edition. Microsoft has stated that SharePoint Online in Microsoft 365 is not impacted.

We are currently working closely with the Microsoft Security Response Center (MSRC) to ensure that our customers have the latest information and we are actively notifying affected customers and other organizations. This situation is evolving rapidly, so it’s advisable to check Microsoft’s recommendations frequently.

We have observed active exploitation of these SharePoint vulnerabilities. Attackers are bypassing identity controls, including multi-factor authentication (MFA) and single sign-on (SSO), to gain privileged access. Once inside, they’re exfiltrating sensitive data, deploying persistent backdoors and stealing cryptographic keys.

The attackers have leveraged these vulnerabilities to get into systems and in some cases are already establishing their foothold. If you have SharePoint on-premises exposed to the internet, you should assume that you have been compromised. Patching alone is insufficient to fully evict the threat.

We are urging organizations who are running vulnerable on-premises SharePoint to take the following actions immediately:

• Apply all relevant patches now and as they become available

• Rotate all cryptographic material

• Engage professional incident response

 

 

 

 

Tags: egyeconomyشركة Palo Alto networks

Related Posts

ticipates in FRANEX 2026 to Support Digital Transformation in the Franchise Sector
Tech

ticipates in FRANEX 2026 to Support Digital Transformation in the Franchise Sector

4 July، 2026
Huawei Launches Model-as-a-Service (MaaS) in Egypt to Facilitate Enterprise AI Adoption
Tech

Huawei Launches Model-as-a-Service (MaaS) in Egypt to Facilitate Enterprise AI Adoption

25 June، 2026
Vodafone  Egypt strengthens security for 55 million customers with Company-Wide ISO/IEC 27001 Certification 
Tech

Vodafone Egypt strengthens security for 55 million customers with Company-Wide ISO/IEC 27001 Certification 

23 June، 2026
EFG Hermes Leads Landmark EGP 5.1 Billion Corporate Bond Issuance for EFG Corp-Solutions, the Largest in Egypt’s Debt Capital Market
Tech

EFG Hermes Leads Landmark EGP 5.1 Billion Corporate Bond Issuance for EFG Corp-Solutions, the Largest in Egypt’s Debt Capital Market

4 June، 2026
Eid in Dubai Shop, Scan & Win Rewards Campaign gave away AED 200,000 among 25 Lucky Winners –
Tech

Eid in Dubai Shop, Scan & Win Rewards Campaign gave away AED 200,000 among 25 Lucky Winners –

3 June، 2026
Apple launch  queues turn into Cairo scenes… but this time in front of cardoO
Tech

Apple launch queues turn into Cairo scenes… but this time in front of cardoO

22 May، 2026
ADVERTISEMENT
No Result
View All Result

Recent Posts

  • Swypex Becomes Official Sponsor of Newgiza Sports Club’s Girls’ Basketball Teams
  • B.TECH Strengthens Customer Experience with an Integrated Ecosystem of Smart Solutions and Advanced After-Sales Services* 
  • IGC Operations in Egypt with Strategic 500 KV Power Transmission Project with the Ministry of Electricity and Renewable Energy
  • Misr Abu Dhabi for Real Estate Investments (MAD) Highlights Expansion Strategy Backed by a Diversified Investment Portfolio
  • OPPO Continues Its Expansion in Egypt with the Opening of Its Fifth Branch in Benha  
  • Inception42 and NXT Holding Forge Strategic Partnership to Advance AI Collaboration Across the UAE and Beyond
  • Amr Abol-Enein Named Among Forbes Middle East’s Top 50 Asset Managers for 2026
  • J Communities launches, integrating New Jersey Developments into a unified investment platform
  • Qatar Airways Returns to Farnborough International Airshow 2026
  • Dubai Developments and AEMP Begin a New Chapter in Spark Mall’s Story
  • Standard Chartered partners with BlackRock to launch Asia Pacific multi-asset fund
  • Egyptian Developers to start delivering “Jaya East” project in Shorouk City next August
  • Hyde Park Developments and El Safa Hospitals Launch SAFA MEDI.PLEX to Expand Healthcare Services at Hyde Park New Cairo
  • Infinix Prepares to Launch a New HOT Series Smartphone in Egypt with AI-Powered Features and Enhanced Performance for Summer Adventures
  • PLDG Development completes first phase sales of “Etlala” project and prepares to launch the second one
  • People & Places Signs EGP 1.4 billion Construction Agreement with Redcon Construction for The Med, Ras El Hekma
  • Saudi Arabia set to participate in 2026 UN High-Level Political Forum on Sustainable Development
  • Almarai Delivers Strong Q2 2026 Growth and Resilient Profitability
  • Alliance of “El Etahad Development” with “Summit Development” and “Dynamic Group” launches “BAYAN Compound” project
  • Dubai Development introduces Walk’n project, delivering a new landmark destination in West Cairo

      Egy Economy

      © 2023 - إيجى إيكونومى.. بوابة إلكترونية متخصصة فى تغطية أخبار البيزنس والاقتصاد فى مصر والعالم العربى.

      روابط هامة

      • Egy Economy
      • Privacy Policy
      • Advertise
      • Contact Us

      تابعنا

      Welcome Back!

      Login to your account below

      Forgotten Password?

      Retrieve your password

      Please enter your username or email address to reset your password.

      Log In
      No Result
      View All Result
      • Egy Economy
      • Economy
        • Local
        • International
      • Stock Markets
        • Stock Exchange
        • Cash
      • Prices
      • Real Estate
      • Tech
      • Tourism
      • More
        • Opinions
        • Success Story
        • Variety
      • العربية

      © 2023 - إيجى إيكونومى.. بوابة إلكترونية متخصصة فى تغطية أخبار البيزنس والاقتصاد فى مصر والعالم العربى.

      -
      00:00
      00:00

      Queue

      Update Required Flash plugin
      -
      00:00
      00:00