Microsoft SharePoint zero-day breach hits 75 servers: Here’s what the company said

An unpatched and critical zero-day vulnerability in Microsoft SharePoint is being actively exploited by hackers. Tracked as CVE-2025-53770, the vulnerability is being actively exploited in a large-scale cyberattack which has led to the compromise of 75 company servers, including major corporations and US government agencies. This server security threat poses a serious threat to organisations which completely rely on the Microsoft collaboration platform. Microsoft has acknowledged the issue and has said that the company is actively working to release a security update for the vulnerability. “Our team is actively working to release a security update and will provide additional details as they are available,” said the company.

Microsoft SharePoint vulnerability CVE-2025-53770: Key details