MAR-251132.c1.v1 Exploitation of SharePoint Vulnerabilities

Source: All CISA Advisories | Added:

The article discusses multiple vulnerabilities in Microsoft SharePoint, particularly focusing on CVE-2025-49704 and CVE-2025-49706, which have been exploited in a chain attack known as 'ToolShell'. Cyber threat actors are using these vulnerabilities to gain unauthorized access to on-premise SharePoint servers and deploy malicious webshells.

Impact: Microsoft SharePoint

In the Wild: Yes

Age: Newly disclosed

Remediation: CISA encourages organizations to use the indicators of compromise (IOCs) and detection signatures provided in the report.