Global Cyberattack Targets Microsoft SharePoint Zero-Day Flaw, Hits Government and Enterprise Servers

A critical zero-day flaw in Microsoft SharePoint is under active exploitation, compromising thousands of government and enterprise servers globally.
A major global cyberattack is unfolding as a newly discovered vulnerability in Microsoft SharePoint exposes tens of thousands of on-premises servers to active exploitation. This zero-day flaw, still unpatched in some versions, has impacted networks across government agencies, businesses, and universities around the world.
The vulnerability, identified as CVE-2025-53770, has already led to unauthorized intrusions in the past few days, prompting urgent action from security teams and global cyber watchdogs. Microsoft confirmed the issue in a security advisory released Saturday, stating the exploit is currently being used in live attacks and urging immediate protective action.
“This is a significant vulnerability,” said Adam Meyers, senior vice president at cybersecurity firm CrowdStrike. “Anybody who’s got a hosted SharePoint server has got a problem.”
Patches have been rolled out for SharePoint Subscription Edition and SharePoint 2019, but SharePoint 2016 remains unpatched as Microsoft continues working on a fix. The company clarified that the cloud-based SharePoint Online within Microsoft 365 is not affected.
Despite the patch rollout for some versions, experts warn that attackers may have already compromised critical systems. According to a report by The Washington Post, access was gained to systems belonging to US federal and state agencies, European governments, energy companies, a Brazilian university, and an Asian telecom firm. In some incidents, hackers locked officials out of public document repositories by hijacking them.
The nature of the exploit enables spoofing attacks, where intruders can pose as trusted sources to infiltrate systems. With SharePoint often linked to services like Outlook and Teams, the attackers could potentially access sensitive communications, steal credentials, and establish persistent access using cryptographic keys.
What’s more alarming is that even applying the available patch might not eliminate the threat for already breached systems.
“So pushing out a patch on Monday or Tuesday doesn’t help anybody who’s been compromised in the past 72 hours,” a security researcher told The Washington Post.
Microsoft has issued detection guidance and mitigation steps on its official blog to help system administrators assess their exposure and take protective measures. Organizations using on-premises SharePoint are being advised to monitor for suspicious activity and apply available fixes without delay.
As the situation evolves, Microsoft is expected to release patches for SharePoint 2016 shortly. Until then, vigilance remains the best defense.



















