Widespread Security Incident Impacting Microsoft in Germany
Critical SharePoint Vulnerability Affects Organisations Worldwide
A critical zero-day flaw in Microsoft's SharePoint software is causing concern for organisations globally, with over 75 organisations breached in mass attacks. The vulnerability, tracked as CVE-2025-53770, allows unauthenticated remote code execution and has been actively exploited worldwide.
Global Impact and Strategic Targeting
The exploitation campaign is large-scale and ongoing, with active attacks confirmed by Microsoft and multiple cybersecurity agencies. The threat actors leverage the vulnerability as a foothold for lateral movement inside corporate networks, enabling data theft, further attack chain progression, and deployment of ransomware such as Warlock on compromised systems.
Due to SharePoint’s integration with Microsoft services like Office, Teams, OneDrive, and Outlook, a breach can potentially expose significant enterprise information and extend risk beyond SharePoint itself. The danger is not over, as infection numbers continue to rise despite Microsoft fixing the vulnerability and releasing a security update.
Continuing Risk for SMEs
SMEs using on-premises SharePoint Server are at high risk since the flaw can be exploited remotely without user interaction or elevated privileges. Many SMEs may lag in applying emergency patches from Microsoft, increasing their exposure. SharePoint Online (Microsoft 365 cloud service) is not affected by this vulnerability, so risks are limited to on-premises environments.
Germany Affected by Mass Attacks
Germany ranks third worldwide in confirmed cases of this vulnerability, with 7% of the total. Ten of the affected organisations in Germany have their headquarters in the Federal Republic.
Cybercriminals have targeted servers of companies and government agencies in Germany, the USA, and a small island state. Mauritius follows with 8% of confirmed cases, and the USA tops the list with 18% of confirmed cases.
Strategic Attacks, Not Random
Lodi Hensen, VP Security Operations at Eye Security, stated that the attacks were strategic and not random or opportunistic. The attacks are encrypting the data of victims and attempting to extort ransom. Eye Security experts have pointed out that the attackers are now using compromised SharePoint access for ransomware attacks.
Microsoft has attributed the first attacks to Chinese groups: Linen Typhoon, Violet Typhoon, and Storm-2603. The risk of these attacks no longer only affects states or corporations but also the European SME sector, which often lacks continuous security monitoring.
Microsoft and cybersecurity authorities strongly urge immediate patching and enhanced detection measures due to the fast-paced and stealthy exploitation tactics that blend with legitimate SharePoint activity, making detection challenging without deep endpoint visibility. Immediate mitigation and patching remain critical to reducing risk.
- The ongoing cyberattacks exploiting the SharePoint vulnerability tracked as CVE-2025-53770 underscore the crucial role that cybersecurity plays in today's technology-driven political landscape.
- Despite the critical SharePoint vulnerability being addressed by Microsoft and security updates released, the ongoing large-scale attacks underscore the importance of robust cybersecurity measures for Small and Medium-sized Enterprises (SMEs), particularly those using on-premises SharePoint Server.