A new critical remote code execution (RCE) vulnerability has been identified in Microsoft SharePoint Server and is already generating maximum concern among corporate cybersecurity teams. The finding was released by Bitdefender, which has issued an alert on the vulnerability, tracked as CVE-2025-53770. According to the report, the flaw would allow a remote attacker to execute arbitrary code on the affected server without valid credentials.
The security flaw lies in the way SharePoint Server handles application packages when certain specific APIs are used. Exploiting the vulnerability does not require user interaction and can be automated, which multiplies the potential for large-scale attacks. This threat affects, among other versions, SharePoint Server Subscription Edition (January 2025), 2016 and 2019.
Bitdefender warns that the combination of remote access, arbitrary code execution and the possibility of automation makes this vulnerability one of the most critical so far this year. “We have proven that an attacker with moderate technical knowledge can take advantage of this vulnerability to take total server control,” says the Bitdefender research team.
CVE-2025-53770 affects recent server versions and could allow attackers to execute malicious code without prior authentication
There is no evidence of active exploitation, but the risk is imminent
Although no active exploitation of the vulnerability has yet been detected, Bitdefender notes that attackers usually act quickly once attack paths are made public. In fact, a proof of concept (PoC) that demonstrates how to exploit the flaw has already been shared, which raises the risk of criminal groups or state actors integrating it into their toolkits.
Microsoft, for its part, has not yet issued an official patch, although it is expected to do so in its next security update cycle. In the meantime, experts recommend applying network restrictions, disabling unnecessary features and monitoring SharePoint servers for any abnormal behavior.
Recommendations to mitigate the immediate impact
In the absence of a patch, organizations are advised to implement the following containment measures:
- Limit access to the SharePoint server to trusted internal networks.
- Use EDR (Endpoint Detection and Response) solutions to detect suspicious activity.
- Check the system logs for unusual calls to package loaders.
- Establish a temporary isolation policy if it is suspected that the system has been compromised.
Bitdefender also recommends keeping up with updates to the Microsoft Security Bulletin and subscribing to threat intelligence services that warn of new exploitation attempts.
A new call for security in collaborative environments
This incident once again highlights the need to strengthen security on business collaboration platforms, especially those that, like SharePoint, integrate document workflows, process automation and connectivity with Microsoft 365.
“Organizations must assume that any software exposed to the Internet is a potential objective. SharePoint is no exception, and its popularity makes it a key piece within the radar of cybercriminals,” Bitdefender emphasizes.
