Ep. 4: ToolShell in the Wild: SharePoint Zero-Day CVE-2025-53770 Explained

Author: SafeBreach
Published: Mon 21 Jul 2025
Episode Link: https://cyberresiliencebrief.podbean.com/e/ep-4-toolshell-in-the-wild-sharepoint-zero-day-cve-2025-53770-explained/

In this urgent Cyber Resilience Brief, host Tova Dvorin is joined by SafeBreach experts Adrian Culley and Tomer Bar to break down CVE-2025-53770, a critical zero-day vulnerability actively exploited in Microsoft SharePoint Server. Known as part of the ToolShell attack chain, this deserialization flaw allows unauthenticated remote code execution and persistence — and it’s already being used in the wild.


We discuss:

  • What makes this vulnerability so dangerous (hint: there's no patch for SharePoint 2016 yet)
  • Why Microsoft is advising customers to assume breach
  • How SafeBreach Labs responded within 24 hours with new BAS coverage
  • Specific indicators of compromise (IoCs) and mitigation advice
  • Why this attack demands urgent attention from security teams and CISOs alike

Whether you're a SafeBreach customer or just trying to stay ahead of emerging threats, this episode delivers the critical insights you need — fast.


🔗 For more information on today's CVE, check out our post on the SafeBreach blog
