
A critical zero-day vulnerability (CVE-2025-53770) in on-premises Microsoft SharePoint is being actively exploited, compromising at least 85 servers across 29 organizations, including multi-nationals and government entities, since July 18th. Attackers are leveraging a variant of a Pwn2Own-demonstrated flaw to achieve Remote Code Execution by stealing server MachineKey configurations, with Microsoft currently working on a patch. This poses a significant and immediate operational and data security risk for affected enterprises, underscoring the critical need for robust cybersecurity measures and vigilance against unpatched vulnerabilities.
A critical, unpatched zero-day vulnerability (CVE-2025-53770) in on-premises Microsoft SharePoint servers is under active exploitation, representing a significant and immediate risk for enterprise customers. Since July 18th, attackers have compromised at least 85 servers across 29 organizations, including multi-national corporations and government entities, by leveraging a variant of a previously disclosed Pwn2Own exploit to achieve Remote Code Execution. The attack involves stealing the server's MachineKey to forge valid security tokens, demonstrating a sophisticated threat. While Microsoft (MSFT) has acknowledged the issue and is developing a patch, the lack of an immediate fix forces customers into disruptive mitigations, such as disconnecting servers from the internet if they cannot enable AMSI integration. Critically, this vulnerability does not affect the strategic Microsoft 365 cloud platform, which limits the financial impact for Microsoft but underscores the persistent security risks and high operational costs associated with legacy on-premises software. The strongly negative sentiment (-0.8 for MSFT) reflects the reputational risk and the severity of the threat to its enterprise client base.
Overall Sentiment: strongly negative
Sentiment Score: -0.80