On the evening of July 18, 2025, Eye Security was the first in identifying large-scale exploitation of a new SharePoint remote code execution (RCE) vulnerability chain in the wild. Read how we found it & what we did afterwards.
These CVEs are only for On-Prem Sharepoint. Not Office/Microsoft 365 Sharepoint, which is the cloud based one integrated into Teams, underlying behind Onedrive, etc.
So not as chaotic or wide reaching as you might be thinking.
These CVEs are only for On-Prem Sharepoint. Not Office/Microsoft 365 Sharepoint, which is the cloud based one integrated into Teams, underlying behind Onedrive, etc.
So not as chaotic or wide reaching as you might be thinking.