
CVE-2025-53770 & CVE-2025-53771: Critical On-Prem SharePoint Vulnerabilities

ID: b87d6b61-676e-5575-b42a-4cedcd4ee6c9

STIX ID: report--b87d6b61-676e-5575-b42a-4cedcd4ee6c9

Feed Name: Cybereason Blog

Threat Score: 92/100

Date Published: 2025-07-22

Date Updated: 2026-04-27

Author: Cybereason Consulting Team


**Executive summary:** Two critical zero-day vulnerabilities in on‑premises Microsoft SharePoint, CVE-2025-53770 (CVSS 9.8) and CVE-2025-53771, are being actively exploited in the wild. Cybereason and other vendors observed webshell deployments, encoded PowerShell execution and exploitation patterns tied to China‑linked groups and follow‑on eCrime actors. They recommend assuming compromise, patching immediately, isolating affected servers, rotating ASP.NET machine keys, searching for POSTs to `/_layouts/15/ToolPane.aspx?DisplayMode=Edit` and suspicious .aspx files, and conducting historical incident response lookbacks.
