Zero-Day Flaw Allows Hackers to Steal Private Digital Keys, Gain Remote Access to Servers

The U.S. federal government and cybersecurity researchers have sounded the alarm on a newly discovered security bug in Microsoft’s SharePoint, warning that hackers are actively exploiting the flaw to steal private digital keys and gain remote access to servers. The vulnerability, officially known as CVE-2025-53771, affects versions of SharePoint that companies set up and manage on their own servers, leaving customers across the world largely unable to defend against the ongoing intrusions.

Microsoft has not yet provided patches for all affected SharePoint versions, leaving small to medium-sized businesses that rely on the software particularly vulnerable. According to Eye Security, which first revealed the bug on Saturday, dozens of actively exploited Microsoft SharePoint servers were discovered online at the time of its publication. The company warned that the bug allows hackers to steal private digital keys without needing any credentials to log in, enabling them to remotely plant malware and gain access to the files and data stored within.

The flaw is described as a “zero-day” vulnerability, meaning that Microsoft had no time to patch the bug before attackers began exploiting it. The bug affects versions of the software as old as SharePoint Server 2016, and it is likely that thousands of small to medium-sized businesses are affected. Several U.S. federal agencies, universities, and energy companies have already been breached in the attacks, according to The Washington Post.

In the absence of patches or mitigations, customers are advised to consider disconnecting potentially affected systems from the internet. “If you have SharePoint [on-premise] exposed to the internet, you should assume that you have been compromised at this point,” said Michael Sikorski, the head of Palo Alto Networks’ threat intelligence division Unit 42.

The attack is the latest in a string of cyberattacks targeting Microsoft customers in recent years, including a 2021 vulnerability in self-hosted Microsoft Exchange email servers and a 2023 cyberattack on Microsoft’s cloud systems. Microsoft has also reported repeated intrusions from hackers associated with the Russian government.

According to Eye Security, the bug involves the theft of digital keys that can be used to impersonate legitimate requests on the server, making it essential for affected customers to both patch the bug and take additional steps to rotate their digital keys to prevent the hackers from re-compromising the server. The company has warned that the vulnerability can also enable further network compromise and data theft, particularly since SharePoint connects with other apps, like Outlook, Teams, and OneDrive.

In a statement, Microsoft acknowledged the vulnerability and stated that it is working on security fixes to prevent hackers from exploiting the bug. “We are working closely with our partners and customers to address this issue and provide guidance on mitigations until a patch is available,” the company said.

As the vulnerability continues to be exploited, cybersecurity experts urge affected customers to take immediate action to secure their systems. “This is a serious vulnerability that requires immediate attention,” said Sikorski. “Customers must take proactive steps to protect themselves and their data from this threat.”

Mitigation Steps for Affected Customers

Disconnect potentially affected systems from the internet

Rotate digital keys to prevent hackers from re-compromising the server

Patch the bug as soon as possible

Implement additional security measures to prevent network compromise and data theft

Key Takeaways

The CVE-2025-53771 vulnerability affects versions of SharePoint that companies set up and manage on their own servers

The bug allows hackers to steal private digital keys and gain remote access to servers

Several U.S. federal agencies, universities, and energy companies have already been breached in the attacks

Microsoft is working on security fixes to prevent hackers from exploiting the bug

Affected customers must take immediate action to secure their systems and protect their data
