ToolShell Zero-day: Microsoft Rushes Emergency Patch for Actively Exploited SharePoint Vulnerabilities

On July 19, 2025, Qualys published guidance on two zero-day vulnerabilities in Microsoft SharePoint Server—CVE-2025-53770 (critical RCE, CVSS 9.8, actively exploited as “ToolShell”) and CVE-2025-53771 (path-traversal spoofing, CVSS 6.3)—affecting multiple on-premises SharePoint versions; the advisory details impact, evidence of active exploitation (Microsoft, CISA, NHS), Qualys detection QIDs, and urgent mitigation/patching steps via Qualys VMDR/CSAM and TruRisk.