Microsoft has become aware of vulnerabilities:
- CVE-2025-49706 (spoofing)
- CVE-2025-49704 (remote code execution)
- CVE-2025-53770 and CVE-2025-53771 (disclosed vulnerabilities)
Read more here.
Microsoft has released updates to supported versions of SharePoint Server (Subscription Edition, 2019 and 2016). Please apply these updates immediately.
To mitigate the risk, please:
- Use supported versions of on-premises SharePoint Server.
- Apply the latest security updates, including the July 2025 security update.
- Ensure the Antimalware Scan Interface (AMSI) is turned on and configured correctly, with an appropriate antivirus solution, such as Microsoft Defender Antivirus.
- Deploy Microsoft Defender for Endpoint protection or equivalent threat solutions.
- Rotate SharePoint Server ASP.NET machine keys.
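The machine key rotation in the last step can be scripted for every web application in the farm. The following is an added example, not part of the original notice: it assumes an elevated SharePoint Management Shell on a farm server that already has the security updates installed, and that the `Set-SPMachineKey` and `Update-SPMachineKey` cmdlets are available there.

```powershell
# Added example: rotate ASP.NET machine keys for each SharePoint web application.
# Assumption: run as a farm administrator on one server of a patched farm.

$required = 'Get-SPWebApplication', 'Set-SPMachineKey', 'Update-SPMachineKey'

# Load the SharePoint snap-in if the cmdlets are not already in the session.
if (-not (Get-Command $required[0] -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
}

# Stop early if any cmdlet is missing (unpatched server or wrong shell).
foreach ($name in $required) {
    if (-not (Get-Command $name -ErrorAction SilentlyContinue)) {
        throw "$name not found. Use the SharePoint Management Shell on a patched server."
    }
}

# Generate a new key, then deploy it, one web application at a time.
# A failure on one web application is recorded and does not stop the others.
$results = foreach ($wa in Get-SPWebApplication) {
    try {
        Set-SPMachineKey    -WebApplication $wa -ErrorAction Stop | Out-Null
        Update-SPMachineKey -WebApplication $wa -ErrorAction Stop | Out-Null
        [pscustomobject]@{ WebApplication = $wa.Url; Rotated = $true;  Error = $null }
    }
    catch {
        [pscustomobject]@{ WebApplication = $wa.Url; Rotated = $false; Error = $_.Exception.Message }
    }
}

$results | Format-Table -AutoSize -Wrap

if ($results.Rotated -contains $false) {
    Write-Warning 'At least one web application was not rotated. Resolve the errors above and rerun.'
}
else {
    # The new keys take effect once IIS has been restarted on each server.
    Write-Host 'Rotation complete. Now run iisreset.exe on every SharePoint server in the farm.'
}
```

The script does not restart IIS itself, so the restart can be scheduled server by server.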
This attack highlights the threat protection, automatic patching, updates and reduced infrastructure that SharePoint Online brings; SharePoint Online isn't affected. If you are not on a supported version, please get in touch with us and we can discuss getting you moved to SharePoint Online.