{"id":69740,"date":"2025-08-08T16:16:28","date_gmt":"2025-08-08T15:16:28","guid":{"rendered":"https:\/\/www.n-able.com\/?p=69740"},"modified":"2025-09-09T17:54:22","modified_gmt":"2025-09-09T16:54:22","slug":"critical-sharepoint-vulnerability-cve-2025-53770-an-msp-action-guide-for-toolshell","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/it\/blog\/critical-sharepoint-vulnerability-cve-2025-53770-an-msp-action-guide-for-toolshell","title":{"rendered":"Critical SharePoint vulnerability CVE-2025-53770: An MSP action guide for ToolShell"},"content":{"rendered":"<p>If you&#8217;re managing SharePoint servers for your clients, you need to act now. <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-53770\" target=\"_blank\" rel=\"noopener\">CVE-2025-53770<\/a> is being actively exploited in the wild, and your clients&#8217; SharePoint servers are potentially sitting ducks.<\/p>\n<p>Here&#8217;s what you need to know: This vulnerability lets attackers take complete control of SharePoint servers without any credentials. They&#8217;re not just getting in\u2014they&#8217;re stealing cryptographic keys that let them maintain access even after you patch. And yes,\u00a0<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/07\/22\/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities\/\" target=\"_blank\" rel=\"noopener\">nation-state actors are already using this<\/a>.<\/p>\n<h2><span>What&#8217;s at risk<\/span><\/h2>\n<p>Every on-premises SharePoint installation is vulnerable:<\/p>\n<ul>\n<li>SharePoint 2016<\/li>\n<li>SharePoint 2019<\/li>\n<li>SharePoint Subscription Edition<\/li>\n<li>SharePoint 2013 and earlier (these won&#8217;t get patches\u2014they&#8217;re no longer supported by Microsoft)<\/li>\n<\/ul>\n<p>SharePoint Online is safe, but that doesn&#8217;t help your on-premises clients. And here&#8217;s the kicker: finding vulnerable servers is trivially easy. 
Anyone can hop on Shodan and search for SharePoint-specific URLs like &#8220;\/_layouts\/15\/&#8221; to find exposed servers. If you haven&#8217;t patched yet, assume you&#8217;re already being scanned.<\/p>\n<h2><span>Your immediate action plan<\/span><\/h2>\n<h3><span>Step 1: Find all SharePoint servers (today)<\/span><\/h3>\n<p>Start with the obvious\u2014internet-facing servers. But don&#8217;t stop there. You need a complete inventory:<\/p>\n<ul>\n<li>Check Active Directory for SharePoint service accounts<\/li>\n<li>Scan internal networks for SharePoint URLs<\/li>\n<li>Review your asset management systems<\/li>\n<li>Ask clients directly\u2014they might have SharePoint instances you don&#8217;t know about<\/li>\n<\/ul>\n<h3><span>Step 2: Apply patches immediately<\/span><\/h3>\n<p>Microsoft released emergency patches on\u00a0<a href=\"https:\/\/msrc.microsoft.com\/blog\/2025\/07\/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770\/\" target=\"_blank\" rel=\"noopener\">July 21-22, 2025<\/a>:<\/p>\n<p><strong>SharePoint Subscription Edition<\/strong>: <a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/description-of-the-security-update-for-sharepoint-server-subscription-edition-july-21-2025-kb5002768-26460cc8-af97-4ccf-ad90-d9225d63d1bc\" target=\"_blank\" rel=\"noopener\">KB5002768<\/a> (build 16.0.18526.20508)<br \/>\n<strong>SharePoint 2019<\/strong>: <a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/description-of-the-security-update-for-sharepoint-server-2019-july-21-2025-kb5002754-f5b23cd0-6d1c-49f5-851e-7868b7ddb6a1\" target=\"_blank\" rel=\"noopener\">KB5002754<\/a> + <a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/description-of-the-security-update-for-sharepoint-server-2019-language-pack-july-21-2025-kb5002753-d9b60b8a-577e-43ad-9469-416c0f3fd913\" target=\"_blank\" rel=\"noopener\">KB5002753<\/a> (build 16.0.10417.20037)<br \/>\n<strong>SharePoint 2016<\/strong>: <a 
href=\"https:\/\/support.microsoft.com\/en-us\/topic\/description-of-the-security-update-for-sharepoint-enterprise-server-2016-july-21-2025-kb5002760-3ba63c92-23dd-4a1c-9f23-6dbcca9447ed\" target=\"_blank\" rel=\"noopener\">KB5002760<\/a> + <a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/description-of-the-security-update-for-sharepoint-enterprise-server-2016-language-pack-july-21-2025-kb5002759-23cb08ac-ff17-4ee8-81cb-70bff24e0b16\" target=\"_blank\" rel=\"noopener\">KB5002759<\/a> (build 16.0.5513.1001)<\/p>\n<p>But here&#8217;s the critical part\u2014patching isn&#8217;t enough.<\/p>\n<h3><span>Step 3: Rotate the keys (non-negotiable)<\/span><\/h3>\n<p>Even after patching, attackers who have already compromised servers still have valid cryptographic keys. Here&#8217;s exactly what needs to happen:<\/p>\n<ol>\n<li><strong>Open SharePoint Management Shell as Administrator<\/strong>\u00a0on your SharePoint server<\/li>\n<li><strong>Generate new machine keys<\/strong>\u00a0using the Set-SPMachineKey cmdlet. You&#8217;ll need to create:\n<ul>\n<li>A new ValidationKey (128 hexadecimal characters)<\/li>\n<li>A new DecryptionKey (48 hexadecimal characters)<\/li>\n<li>A new EncryptionKey (48 hexadecimal characters)<\/li>\n<\/ul>\n<\/li>\n<li><strong>Apply these keys to EVERY web application<\/strong>\u00a0in your farm. Each web application needs the new keys or you&#8217;re still vulnerable.<\/li>\n<li><strong>Restart IIS on ALL SharePoint servers<\/strong>\u00a0in the farm. This forces SharePoint to start using the new keys immediately.<\/li>\n<li><strong>Verify consistency across the farm<\/strong>. The machine keys must match on every server, or you&#8217;ll have authentication issues between servers.<\/li>\n<\/ol>\n<p><strong>Critical timing<\/strong>: This process will cause a brief service interruption as IIS restarts. 
Plan for 5-10 minutes of downtime, but don&#8217;t delay\u2014stolen keys give attackers permanent access until you change them.<\/p>\n<p><strong>Important<\/strong>: If you&#8217;re not comfortable with PowerShell or haven&#8217;t done this before, get help. Messing up machine key rotation can break authentication across your entire farm. But remember: a broken farm you can fix; a compromised farm might be gone forever.<\/p>\n<h3><span>Step 4: Hunt for compromises<\/span><\/h3>\n<p>Check for these indicators:<\/p>\n<ul>\n<li>Web shells named\u00a0spinstall0.aspx\u00a0(or variants) in LAYOUTS directories<\/li>\n<li>PowerShell processes spawned by IIS worker processes<\/li>\n<li>Connections to known bad IPs: 107.191.58.76, 104.238.159.149, 96.9.125.147<\/li>\n<li>Unusual file modifications in SharePoint directories since July 18, 2025<\/li>\n<\/ul>\n<h2><span>Managing the SharePoint Sprawl<\/span><\/h2>\n<p>Let&#8217;s be honest\u2014SharePoint patching is a pain. Unlike regular Windows updates, you can&#8217;t just push them through and wipe your hands. Each SharePoint farm needs manual attention, configuration wizards, and testing. Here&#8217;s how to handle it at scale:<\/p>\n<h3><span>Automate what you can<\/span><\/h3>\n<p>Use PowerShell DSC for configuration management. Build scripts that:<\/p>\n<ul>\n<li>Take pre-patch backups (SharePoint patches can break things)<\/li>\n<li>Apply patches in the correct order<\/li>\n<li>Run the Configuration Wizard<\/li>\n<li>Validate services are running<\/li>\n<li>Test critical functionality<\/li>\n<\/ul>\n<h3><span>Document everything<\/span><\/h3>\n<p>Strong documentation is the foundation of professional risk management and reflects the shared risk responsibility between MSPs and clients. 
Your risk register should include:<\/p>\n<ul>\n<li>Every SharePoint instance across all clients<\/li>\n<li>Version numbers and patch status<\/li>\n<li>Business criticality ratings<\/li>\n<li>Decision history and approvals<\/li>\n<\/ul>\n<p>When clients need to delay patches or accept certain risks, proper documentation ensures both parties understand their role in the shared risk-responsibility model. Risk acceptance forms help clarify the implications\u2014whether it&#8217;s potential data exposure, ransomware vulnerability, or compliance impacts. This transparency builds trust and enables informed decision-making within the shared responsibility framework.<\/p>\n<p><a href=\"https:\/\/www.n-able.com\/blog\/why-it-documentation-matters-in-times-of-crisis\" target=\"_blank\" rel=\"noopener\">Good documentation<\/a> also speeds up your response to future vulnerabilities. When the next zero-day hits, you&#8217;ll know exactly which clients to contact first.<\/p>\n<h3><span>Establish emergency procedures<\/span><\/h3>\n<p>For critical vulnerabilities like this, you need pre-authorized emergency patching windows. Work with clients now to establish:<\/p>\n<ul>\n<li>Automatic approval for CVSS 9+ vulnerabilities<\/li>\n<li>24-hour patching SLA for internet-facing systems<\/li>\n<li>48-hour SLA for internal critical systems<\/li>\n<\/ul>\n<h3><span>The SharePoint 2013 problem<\/span><\/h3>\n<p>If clients are still running SharePoint 2013 or earlier, you have two options:<\/p>\n<ol>\n<li>Disconnect from the internet immediately<\/li>\n<li>Accept that compromise is inevitable<\/li>\n<\/ol>\n<p>There are no patches coming. Ever. These systems are end-of-life, and this vulnerability is a death sentence for internet-connected legacy SharePoint.<\/p>\n<h3><span>Building long-term resilience<\/span><\/h3>\n<p>This won&#8217;t be the last SharePoint zero-day vulnerability. 
Here&#8217;s what you need for next time:<\/p>\n<p><strong>Maintain visibility<\/strong><\/p>\n<ul>\n<li>Deploy continuous vulnerability scanning<\/li>\n<li>Monitor Microsoft Security Response Center feeds<\/li>\n<li>Set up alerts for SharePoint-specific threats<\/li>\n<\/ul>\n<p><strong>Standardize procedures<\/strong><\/p>\n<ul>\n<li>Document your SharePoint patching process<\/li>\n<li>Create runbooks for emergency response<\/li>\n<li>Train your team on SharePoint-specific quirks<\/li>\n<\/ul>\n<p><strong>Manage client expectations<\/strong><\/p>\n<ul>\n<li>Educate clients on SharePoint risks<\/li>\n<li>Build security requirements into contracts<\/li>\n<li>Define clear responsibilities in your MSAs<\/li>\n<\/ul>\n<h2><span>What this means for your GRC program<\/span><\/h2>\n<p>As an MSP, you operate under a shared risk-responsibility model with your clients. This vulnerability highlights why robust governance matters:<\/p>\n<p>Your risk register isn&#8217;t just paperwork. When\u00a0<a href=\"https:\/\/blog.checkpoint.com\/research\/sharepoint-zero-day-cve-2025-53770-actively-exploited-what-security-teams-need-to-know\/\" target=\"_blank\" rel=\"noopener\">Check Point reported 4,600+ attacks on 300+ organizations<\/a>, MSPs with mature risk management could immediately identify exposed clients and prioritize response. Those without? They&#8217;re still scrambling.<\/p>\n<p>The shared risk-responsibility model means your frameworks must address:<\/p>\n<ul>\n<li>Asset inventory accuracy (you can&#8217;t protect what you don&#8217;t know about)<\/li>\n<li>Clear delineation of MSP vs. 
client responsibilities<\/li>\n<li>Vulnerability management SLAs that both parties agree to<\/li>\n<li>Incident response procedures with defined roles<\/li>\n<li>Client communication protocols that maintain transparency<\/li>\n<li>Risk acceptance documentation that reflects shared accountability<\/li>\n<\/ul>\n<h2><span>The bottom line<\/span><\/h2>\n<p>CVE-2025-53770 is a wake-up call.\u00a0<a href=\"https:\/\/www.rapid7.com\/blog\/post\/etr-zero-day-exploitation-of-microsoft-sharepoint-servers-cve-2025-53770\/\" target=\"_blank\" rel=\"noopener\">Chinese nation-state actors<\/a>\u00a0are actively exploiting this vulnerability, deploying ransomware, and establishing persistent access. The patches are available, but patching alone won&#8217;t save you.<\/p>\n<p>Success requires:<\/p>\n<ol>\n<li>Complete visibility of all SharePoint instances<\/li>\n<li>Immediate patching of supported versions<\/li>\n<li>Key rotation to prevent persistent access<\/li>\n<li>Enhanced monitoring for compromise indicators<\/li>\n<li>Clear procedures for the next zero-day<\/li>\n<\/ol>\n<p>Don&#8217;t wait for the next client call asking why their SharePoint server is encrypted. Take action now. Your clients are counting on you to keep their collaboration platforms from becoming compromise platforms.<\/p>\n<p><strong>Looking for more blogs on patching or previous Microsoft Patch Tuesday Reviews? Check out\u00a0the\u00a0<\/strong><a href=\"https:\/\/www.n-able.com\/blog\/patch-management\" target=\"_blank\" rel=\"noopener\"><span><strong>Patch Management section of our blog<\/strong><\/span><\/a><strong>.<\/strong><\/p>\n<p><em>Lewis Pope is the Head Security Nerd at N\u2011able. 
You can follow him on Twitter:\u00a0<\/em><a href=\"https:\/\/twitter.com\/cybersec_nerd\" target=\"_blank\" rel=\"noopener\"><em>@cybersec_nerd<\/em><\/a><\/p>\n<p><em>LinkedIn:\u00a0<a href=\"https:\/\/www.linkedin.com\/in\/thesecuritypope\" target=\"_blank\" rel=\"noopener\"><span>thesecuritypope<\/span><\/a><\/em><\/p>\n<p><em>Twitch:\u00a0<a href=\"https:\/\/www.twitch.tv\/cybersec_nerd\" target=\"_blank\" rel=\"noopener\"><span>cybersec_nerd<\/span><\/a>\u00a0<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Protect your SharePoint servers now\u2014CVE-2025-53770 is actively exploited. Learn risks, affected versions, and urgent MSP actions to keep clients secure.<\/p>\n","protected":false},"author":62,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-69740","post","type-post","status-publish","format-standard","hentry","topic-head-nerds","topic-patch-management","topic-security"],"acf":[]}