CVE-2025-53770: What Security Teams Need to Know About the SharePoint RCE Vulnerability
ID: 27a476b1-c606-5cec-934d-916a935fbc05
STIX ID: report--27a476b1-c606-5cec-934d-916a935fbc05
Feed Name: HackerOne Blog
A critical remote code execution vulnerability (CVE-2025-53770) in on‑premises Microsoft SharePoint Server is being actively exploited by multiple threat groups, including nation-state actors. The flaw can allow attackers to run arbitrary code and steal cryptographic machine keys for persistence and lateral movement, and public PoCs exist. Microsoft released a patch, and the report recommends immediate patching, rotating ASP.NET machine keys, enabling AMSI, deploying endpoint detection, and conducting threat hunting using published IOCs.
