Microsoft SharePoint under 'active exploitation,' Homeland Security's CISA says

Source: ABC News

July 21, 2025, 5:33 AM


The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has posted an alert saying it is aware of "active exploitation" of a new vulnerability to Microsoft SharePoint "enabling unauthorized access to on-premise SharePoint servers."

The exploitation activity "provides unauthenticated access to systems and enables malicious actors to fully access SharePoint content, including file systems and internal configurations, and execute code over the network," the post stated.

"The FBI is aware of the matter, and we are working closely with our federal government and private sector partners," the bureau said in a statement.

According to a Microsoft customer guidance blog post issued Saturday, "Microsoft is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update."

Read more: https://abcnews.go.com/US/microsoft-sharepoint-active-exploitation-dhs-cisa/story?id=123917093