News Own Your Online External Link Report it
News Own Your Online External Link
  1. Welcome to the National Cyber Security Centre
  2. Alerts
  3. CVE-2025-53770 and CVE-2025-53771 affecting Microsoft Sharepoint

CVE-2025-53770 and CVE-2025-53771 affecting Microsoft Sharepoint

This section contains time sensitive announcements about specific cyber threats, vulnerabilities and scams. Each alert has information you need to be aware of, and what actions to take to mitigate any risk to you or your organisation.

Subscribe to our updates to be notified as soon as we publish an alert.

4:00pm, 21 July 2025

TLP Rating: Clear

CVE-2025-53770 and CVE-2025-53771 affecting Microsoft Sharepoint

CVE-2025-53770 & CVE-2025-53771 are variants of the existing vulnerabilities CVE-2025-49704 & CVE-2025-49706. This exploitation activity, publicly reported as “ToolShell”, provides unauthenticated access to systems and enables malicious actors full access to SharePoint content, including file systems, internal configurations, could allow code execution and persistent access through exfiltration of IIS machine keys. 

What's happening

Systems affected

On-premises SharePoint Servers.

What this means

On-premises SharePoint Servers exposed to the internet could be vulnerable to exploitation by remote unauthenticated attack.

What to look for

How to tell if you're at risk

On-premises Sharepoint servers exposed to the internet are at risk of being exploited.

How to tell if you're affected

Refer to Microsoft Security Advisory External Link

What to do

Prevention

Refer to Microsoft Security Advisory External Link

Mitigation

Refer to Microsoft Security Advisory External Link

More information

If you require more information or further support, submit a report on our website or contact us on 0800 114 115

Report an incident to NCSC External Link

For media enquiries email our media team at media@ncsc.govt.nz