
July 2025 SharePoint (onPrem) Vulnerabilities – Exec Summary


This is getting a lot of attention in the news cycle and it seems to be pretty significant for some customers.

Summary

Microsoft has disclosed several critical vulnerabilities affecting on-premises SharePoint Server environments. These flaws are being actively exploited by advanced threat actors to gain unauthorized access, execute remote code, and bypass security controls.

Affected Versions

  • SharePoint Server 2016
  • SharePoint Server 2019
  • SharePoint Server Subscription Edition

Note: SharePoint Online (Microsoft 365) is not impacted.

Vulnerability Overview

The most critical issue, CVE-2025-53770, allows attackers to exploit ASP.NET machine key configurations to impersonate users and execute arbitrary code. Additional vulnerabilities include:

  • CVE-2025-53771 – Security bypass
  • CVE-2025-49706 – Spoofing
  • CVE-2025-49704 – Remote code execution

These vulnerabilities are being used in multi-stage attacks that begin with SharePoint exploitation and escalate to broader network compromise.

What Is a ZTE?

Zero Trust Exploits (ZTEs) refer to vulnerabilities or attack techniques that undermine the principles of a Zero Trust Architecture—a security model that assumes no implicit trust, even within the network perimeter. In this case, attackers are exploiting SharePoint to gain initial access and then move laterally, bypassing identity and access controls that Zero Trust is designed to enforce.

While the vulnerabilities themselves are not exclusive to Zero Trust environments, their exploitation highlights gaps in enforcement and monitoring that Zero Trust strategies aim to mitigate.

Recommended Actions

To protect your environment, Microsoft recommends the following steps:

  1. Apply July 2025 security updates for all affected SharePoint versions.
  2. Rotate ASP.NET machine keys to invalidate attacker persistence.
  3. Enable AMSI (Antimalware Scan Interface) in Full Mode.
  4. Deploy endpoint protection, such as Microsoft Defender for Endpoint.
  5. Restart IIS after applying updates and configuration changes.
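Steps 2 and 5 above are the ones an administrator types in by hand, so here is an added PowerShell example (not from the original post or from Microsoft's own documentation) that rotates the ASP.NET machine key on every SharePoint web application and then restarts IIS. It assumes the July 2025 update is already installed (step 1), that the `Update-SPMachineKey` cmdlet is therefore available on the farm, and that it is run from the SharePoint Management Shell as a farm administrator; the cmdlet's exact behaviour across farm servers is taken from Microsoft's mitigation guidance, not verified here, so confirm it in your own environment.

```powershell
# Added example (not from the original post): rotate ASP.NET machine keys on
# every SharePoint web application, then restart IIS.
# Assumptions: the July 2025 security update is installed, Update-SPMachineKey
# is available, and this runs in the SharePoint Management Shell as a farm admin.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Enumerate every web application, including Central Administration,
# so no application keeps a key an attacker may already hold.
$webApps = Get-SPWebApplication -IncludeCentralAdministration

$failed = @()
foreach ($wa in $webApps) {
    Write-Host "Rotating machine key for: $($wa.DisplayName) ($($wa.Url))"
    try {
        # Generates a new validation/decryption key pair for this web application
        # and pushes it to the farm. Anything signed with the old key (ViewState,
        # auth cookies, including forged ones) stops validating.
        Update-SPMachineKey -WebApplication $wa -ErrorAction Stop
    }
    catch {
        Write-Warning "Rotation failed for $($wa.DisplayName): $($_.Exception.Message)"
        $failed += $wa.DisplayName
    }
}

if ($failed.Count -gt 0) {
    Write-Warning "Rotation incomplete for: $($failed -join ', '). Fix before restarting IIS."
    exit 1
}

# Step 5: restart IIS so worker processes pick up the new keys.
# Run this on every SharePoint server in the farm, not only the one
# executing the script, otherwise some servers keep the old key in memory.
iisreset
```

Rotate keys only after the update is installed; rotating first and patching afterwards leaves the original exposure in place, and the post-update rotation is what invalidates any persistence built on the old key.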

Microsoft References