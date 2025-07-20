Many companies and public authorities operate their own servers for sharing files via Microsoft's SharePoint software. Due to a vulnerability, they are now exposed to hacker attacks. (archive picture) Image: Keystone

Many companies and public authorities operate their own servers for sharing files via Microsoft's SharePoint software. Due to a vulnerability, they are now exposed to hacker attacks.

IT security experts are sounding the alarm because authorities and companies are being attacked via a newly discovered vulnerability in Microsoft software. Local servers for the SharePoint file-sharing program are affected.

Attackers have already penetrated the systems of "dozens" of organizations via the vulnerability, both in the business and government sectors, a manager at IT security firm Palo Alto Networks told the Washington Post.

Access to the servers potentially opens up the possibility of stealing data and tapping into passwords, warned the Dutch company Eye Security. Worse still, according to its experts, attackers can also steal digital keys, which they could later use to gain access to computer systems with a closed security gap.

"A significant vulnerability"

Anyone running a SharePoint server has a problem, said a manager at security firm Crowdstrike. "It's a significant vulnerability." Eye Security recommends isolating or shutting down servers in light of the attacks on "thousands" of them.

Microsoft confirmed the problem in a blog post and released updates to fix the vulnerability. It initially remained unclear who was behind the attacks. In the USA, servers belonging to two federal authorities were successfully attacked, wrote the Washington Post, citing experts. No details were given as to which authorities were involved.

US authority also warns

Microsoft had recently closed several vulnerabilities with an update. The attackers then found a similar vulnerability elsewhere. The US IT security authority CISA called on affected government agencies and companies to act quickly. The first indications of the attacks emerged on Friday.

We added Microsoft SharePoint server remote code execution vulnerability CVE-2025-53770 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #ToolShell pic.twitter.com/Y6aNU7o1B9 — CISA Cyber (@CISACyber) July 20, 2025

Most recently, in 2023, suspected Chinese hackers gained access to emails in some US authorities via a vulnerability in Microsoft software.