Sharepoint Zero-Day CVE-2025-53770 Actively Exploited: What Security Teams Need To Know
Check Point, Monday, July 21st, 2025
A critical zero-day SharePoint remote code execution (RCE) vulnerability, tracked as CVE-2025-53770 and nicknamed 'ToolShell,' is currently under active exploitation.
This vulnerability affects on-premise Microsoft SharePoint servers, allowing unauthenticated attackers to gain full access and execute arbitrary code remotely. Despite public guidance from Microsoft and an alert from CISA, a full security patch is not yet available.