Over the weekend, Integrity360 has been asked by multiple customers about a recent critical vulnerability (CVE-2025-53770) targeting on-premise instances of Microsoft Sharepoint using a deserialisation flaw. This zero-day has been reportedly widely exploited since mid-July, posing serious risk to any unpatched on-premise Sharepoint environment (Subscription, Server 2016 and Server 2019). Integrity360 wants to reassure customers that the vulnerability does not affect any cloud instances of SharePoint Online of which the majority of organisations are using. On-premise Sharepoint is likely to be converted to (or in the process of) Microsoft 365 across lots of organisations due to the extended end date of Microsoft support running out in the near future.

That being said, should organisations still have on-premise Sharepoint, they should absolutely carry out the following mitigations:

1. Use supported versions of on-premises SharePoint Server 
2. Apply the latest security updates, including the July 2025 Security Update 
3. Ensure the Antimalware Scan Interface (AMSI) is turned on and configured correctly, with an appropriate antivirus solution such as Defender Antivirus 
4. Deploy Microsoft Defender for Endpoint protection, or equivalent threat solutions 
5. Rotate SharePoint Server ASP.NET machine keys 

If you observe anything suspicious in your environment, please don't hesitate to reach out to the Integrity360 team for a compromise assessment.

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation.