
Zero-Day Vulnerabilities in Microsoft SharePoint

What’s really going on – and why are even major enterprises struggling to respond?

What’s this all about?

Two critical vulnerabilities in Microsoft SharePoint Server were exploited in the wild in July 2025 and are attracting significant attention. They are so-called “zero-days”: when the attacks began there was no fix available, because both are variants of two flaws Microsoft had patched in its July 2025 Patch Tuesday update (CVE-2025-49704 and CVE-2025-49706), and the attackers found a way around those patches. The exploit chain has become known as “ToolShell”:

  • CVE-2025-53770 (remote code execution)

  • CVE-2025-53771 (security feature bypass, classified by Microsoft as spoofing)

Only on-premises SharePoint Server is affected (Subscription Edition, SharePoint Server 2019 and SharePoint Server 2016). SharePoint Online in Microsoft 365 is not.

Chained together, the two flaws allow attackers to bypass authentication entirely and run code on the server, giving them access to sensitive data without any credentials. That’s what makes them so high-risk.

The Technical Core – Explained Simply

The problem is not in SharePoint’s login handling, as is often assumed. Both flaws sit in how the server processes incoming web requests:

  • CVE-2025-53770 is a deserialization of untrusted data that leads to Remote Code Execution.
    In practical terms: SharePoint accepts a serialized .NET object from the request and reconstructs it without verifying that it can be trusted. An attacker who controls that object gets the server to run their code, under the identity of the SharePoint web application.

  • CVE-2025-53771 is a Security Feature Bypass (Microsoft files it as spoofing via path traversal).
    In plain English: SharePoint decides whether a page may be reached without logging in partly on the basis of where the request claims to come from. By pretending to come from SharePoint’s own sign-out page, an attacker reaches a page meant for signed-in users without any authentication.

Used together, these two flaws let attackers seize full control of the affected system: the bypass gets the unauthenticated request in, and the deserialization flaw turns it into code execution.

How Are These Vulnerabilities Exploited?

The attackers do not go after the login page at all. They target an administrative page in SharePoint’s _layouts directory, ToolPane.aspx, which is normally only reachable after signing in. Microsoft, CISA and several incident responders have described the same request pattern:

  • Send a crafted HTTP POST to /_layouts/15/ToolPane.aspx?DisplayMode=Edit with the Referer header set to /_layouts/SignOut.aspx, so that SharePoint treats the request as part of its own sign-out flow and lets it through without a password (CVE-2025-53771)

  • Include a malicious serialized .NET object in that request; SharePoint deserializes it and executes the embedded code (CVE-2025-53770)

  • Use that code execution to write a small web shell (observed under names such as spinstall0.aspx) that reads the server’s ASP.NET machine keys (ValidationKey and DecryptionKey) and hands them to the attacker

With those keys the attacker can sign their own __VIEWSTATE payloads so that the server accepts them as genuine. That gives them a way back in that survives the security patch, unless the keys are rotated as well.
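To make the request pattern above concrete, here is a small triage script that looks for the ToolShell indicators in IIS W3C access logs. It is an added example, not code from the original article or from Microsoft; the indicators are the publicly documented ones (a POST to ToolPane.aspx in edit mode with a SignOut.aspx Referer, any request for a spinstall*.aspx file), and the log lines in SAMPLE_LOG are constructed for the demo rather than captured traffic. The field order is read from the log’s own #Fields header, so logs with a different IIS field configuration work too.

```python
"""Triage IIS W3C logs for the ToolShell request pattern (CVE-2025-53770/53771).

Added example, not code from the original article or from Microsoft. The
indicators are the publicly documented ones; SAMPLE_LOG is constructed, not real.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Iterator, List, Optional, Set

# Vulnerable page (the 15/16 path segment depends on the SharePoint version),
# the spoofed Referer used to slip past authentication, and the key-dumping
# web shell names seen in the wild (spinstall0.aspx and numbered variants).
TOOLPANE_RE = re.compile(r"/_layouts/1[56]/toolpane\.aspx$", re.I)
SIGNOUT_REFERER_RE = re.compile(r"/_layouts/(?:1[56]/)?signout\.aspx", re.I)
WEBSHELL_RE = re.compile(r"/spinstall\d*\.aspx$", re.I)


@dataclass
class Hit:
    line_no: int
    client_ip: str
    severity: str
    indicator: str


def parse_w3c(lines: Iterable[str]) -> Iterator[Dict[str, str]]:
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields: List[str] = []
    for line_no, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line.split()[1:]  # IIS may change the field list mid-file
            continue
        tokens = line.split()
        if not fields or len(tokens) != len(fields):
            continue  # malformed record; a real tool would count and report these
        record = dict(zip(fields, tokens))
        record["_line_no"] = str(line_no)
        yield record


def classify(rec: Dict[str, str]) -> Optional[Hit]:
    """Map one request to a ToolShell indicator, or None if nothing matches."""
    method = rec.get("cs-method", "").upper()
    stem = rec.get("cs-uri-stem", "")
    query = rec.get("cs-uri-query", "").lower()
    user = rec.get("cs-username", "-")
    referer = rec.get("cs(Referer)", "-")
    ip = rec.get("c-ip", "?")
    line_no = int(rec["_line_no"])

    # Any request for the web shell means the machine keys are probably gone.
    if WEBSHELL_RE.search(stem):
        return Hit(line_no, ip, "critical", "request for spinstall*.aspx web shell")
    # The exploit is a POST to ToolPane.aspx in edit mode. A legitimate admin
    # opening the page is authenticated (cs-username set) and does not present
    # the sign-out page as Referer, so only the spoofed/unauthenticated cases hit.
    if method == "POST" and TOOLPANE_RE.search(stem) and "displaymode=edit" in query:
        if SIGNOUT_REFERER_RE.search(referer):
            return Hit(line_no, ip, "high", "POST to ToolPane.aspx with SignOut.aspx Referer")
        if user == "-":
            return Hit(line_no, ip, "medium", "unauthenticated POST to ToolPane.aspx?DisplayMode=Edit")
    return None


def hunt(lines: Iterable[str]) -> List[Hit]:
    """Run the classifier over a whole log; hits come back in log order."""
    return [hit for hit in (classify(rec) for rec in parse_w3c(lines)) if hit]


def suspect_ips(hits: Iterable[Hit]) -> Set[str]:
    """Client IPs worth blocking and pivoting on (high/critical hits only)."""
    return {h.client_ip for h in hits if h.severity in ("high", "critical")}


# Constructed sample: a normal download, the ToolShell POST, the web shell fetch,
# a legitimate authenticated admin visit to ToolPane, and a weaker probe.
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2025-07-19 00:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2025-07-19 03:14:07 10.0.0.5 GET /sites/finance/Shared+Documents/budget.xlsx - 443 CORP\jsmith 10.0.1.20 Mozilla/5.0 https://sp.corp.example/sites/finance 200 0 0 120
2025-07-19 03:14:22 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit&a=/ToolPane.aspx 443 - 198.51.100.23 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64) /_layouts/SignOut.aspx 200 0 0 943
2025-07-19 03:14:25 10.0.0.5 GET /_layouts/15/spinstall0.aspx - 443 - 198.51.100.23 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64) - 200 0 0 31
2025-07-19 03:20:00 10.0.0.5 GET /_layouts/15/ToolPane.aspx DisplayMode=Edit 443 CORP\admin 10.0.1.40 Mozilla/5.0 https://sp.corp.example/_layouts/15/settings.aspx 200 0 0 210
2025-07-19 04:02:11 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit 443 - 203.0.113.9 python-requests/2.32 - 200 0 0 502
"""

if __name__ == "__main__":
    found = hunt(SAMPLE_LOG.splitlines())
    for hit in found:
        print(f"line {hit.line_no}: [{hit.severity}] {hit.client_ip}: {hit.indicator}")
    print("block / pivot on:", sorted(suspect_ips(found)))
```

Run against the sample, the script flags the spoofed POST and the web-shell fetch from 198.51.100.23 and the unauthenticated probe from 203.0.113.9, while the authenticated admin’s GET to the same page is left alone. On a real server, point hunt() at the files under the IIS LogFiles directory; a single high or critical hit means the machine keys must be treated as stolen, not just the patch applied.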

 

Who Was Targeted – and Why It Matters

According to Eye Security, the Dutch firm that first spotted the attacks on 18 July 2025, more than 400 organizations worldwide had been compromised within days. Press reports named high-security entities among the victims, including the U.S. National Nuclear Security Administration (NNSA), the agency responsible for safeguarding America’s nuclear arsenal; the Department of Energy said the impact there was limited because most of its systems run in the cloud.

Microsoft attributed the initial wave to three China-based groups it tracks as Linen Typhoon, Violet Typhoon and Storm-2603. Their targets were government bodies, research centers, IT providers, and other institutions handling highly sensitive or strategic information.

What Data Was Exposed – and What Are the Risks?

What has been confirmed across many victims is the theft of the servers’ ASP.NET machine keys, the cryptographic secrets SharePoint uses to sign and encrypt the state it exchanges with browsers. With those keys an attacker can keep forging valid requests even after the server is patched. Beyond that, anyone who can run code on a SharePoint server can read everything stored there and use the server as a stepping stone into the rest of the network. Depending on the victim, that puts at risk:

  • Confidential documents: contracts, strategy papers, proprietary business data

  • Security-related content: internal procedures and protocols kept on the affected servers

  • Personal staff data: credentials and employee identities

Microsoft also observed one of the groups, Storm-2603, using this access to deploy ransomware. The full impact is still being assessed, but the nature of the data that lives on these systems points to serious risks – from corporate espionage and extortion to breaches of national security.

How High Are the Damages and the Effort Involved?

Incidents like these often result in damages running into the millions. Direct costs include forensic analysis, rebuilding compromised servers (a server on which attackers ran code and stole its keys cannot simply be patched and trusted again), and rotating every key and credential the attackers could have reached. Comparable breaches have cost affected companies several million euros – and that’s without accounting for:

  • Loss of customer and partner trust

  • Long-term brand damage

  • Regulatory penalties under data protection laws

Why Couldn’t Large Organizations Like the U.S. Nuclear Agency Stop This?

Zero-day flaws are exploited before a fix exists – that’s what makes them so dangerous. Even well-funded, security-conscious organizations were exposed because:

  • Patching could not help: Microsoft’s July 2025 update fixed the original flaws, but the attackers bypassed that fix, so fully patched servers were still vulnerable

  • No vendor patch for the bypass was available when exploitation began on 18 July; the emergency updates followed over the next days

  • Attackers moved fast and at scale, compromising hundreds of servers in the first days, often before defenders had heard of the issue

  • Many organizations run on-premises SharePoint reachable directly from the internet, so nothing else stood in front of the vulnerable page

The result: even well-prepared environments were caught off guard. What did make a difference was whether the server was exposed to the internet at all, and whether malware protection on the server caught the web shell as it was written.

How Can You Protect Yourself – and What Are Affected Organizations Doing Now?

Zero-day attacks can’t always be prevented – but their impact can be reduced. Microsoft’s guidance for this case goes beyond “patch and move on”:

  • Apply the out-of-band security updates immediately (released for SharePoint Subscription Edition, SharePoint Server 2019 and SharePoint Server 2016)

  • Enable the AMSI integration in Full Mode and run Microsoft Defender Antivirus (or an equivalent) on every SharePoint server; this blocks the known exploit requests and the web shell even on a server that is not yet patched

  • Rotate the ASP.NET machine keys after patching, using the Update-SPMachineKey PowerShell cmdlet or the Machine Key Rotation timer job in Central Administration, then restart IIS (iisreset.exe). Patching alone does not evict an attacker who already holds the old keys

  • Restrict access: on-premises SharePoint should not be reachable from the open internet, and if AMSI and Defender cannot be enabled, internet-facing servers should be disconnected until they are patched

  • Take suspected instances offline and treat them as compromised, not merely vulnerable

Multi-factor authentication, otherwise a sensible measure, does not help here: the attack never passes through the login process, so there is no second factor to demand.

Organizations hit by the attack are responding by:

  • Hunting for the indicators: POST requests to ToolPane.aspx with a SignOut.aspx Referer in the IIS logs, and files such as spinstall0.aspx in the LAYOUTS directory of the SharePoint installation

  • Isolating compromised infrastructure

  • Rotating machine keys and resetting all credentials and security tokens that lived on or passed through the server

  • Investigating the scope of the breach with forensic tools, including whether the server was used as a stepping stone into the rest of the network

Why Do Vulnerabilities Like This Exist?

Large-scale platforms like SharePoint are built on millions of lines of code. With that level of complexity, mistakes are inevitable – even for vendors like Microsoft. Gaps in testing or overlooked edge cases can lead to serious vulnerabilities, and fixes are sometimes too narrow: here the July patch closed the exact path the researchers had demonstrated, and the attackers found a neighbouring one.

And attackers know that. Zero-day flaws are a goldmine for cybercriminals and state-backed groups alike – used for theft, extortion, or strategic spying.

Further Reading and Sources:

Microsoft Security Response Center (MSRC)
CISA Security Advisories
Tom’s Guide – Simple explanation of the vulnerabilities

Martin Bishoff

Martin is a certified CISSP security enthusiast. His focus is currently on expanding the information security consulting business in the DACH region, to ensure our customers are well protected.
