https://community.checkpoint.com/t5/Playblocks/New-Critical-CVE-Alert-Protect-Your-Network-in-Minutes-with/m-p/253824#M68 <P><FONT color="#000000">A new <STRONG>critical zero-day vulnerability</STRONG> in SharePoint,<STRONG> CVE-2025-53770</STRONG>, also known as <STRONG>ToolShell</STRONG>, is being <STRONG>actively exploited right now</STRONG>.&nbsp;If your organization uses <STRONG>SharePoint on-premises</STRONG>, taking action is <STRONG>crucial</STRONG>.</FONT></P> <P><FONT color="#000000">Published on <STRONG>July 21, 2025</STRONG>, this vulnerability affects:</FONT></P> <UL> <LI><FONT color="#000000">Microsoft SharePoint Enterprise Server 2016</FONT></LI> <LI><FONT color="#000000">Microsoft SharePoint Server 2019</FONT></LI> <LI><FONT color="#000000">Microsoft SharePoint Server subscription (prior to 16.0.18526.20424)</FONT></LI> </UL> <H4>&nbsp;</H4> <H4><span class="lia-unicode-emoji" title=":pushpin:">📌</span><FONT color="#000000"><STRONG> Microsoft SharePoint Server Insecure Deserialization (CVE-2025-49704; CVE-2025-53770)</STRONG></FONT></H4> <P><FONT color="#000000">This vulnerability allows <STRONG>unauthenticated remote code execution</STRONG> via insecure deserialization — giving attackers full control over affected systems.</FONT></P> <P><span class="lia-unicode-emoji" title=":ballot_box_with_check:">☑️</span><FONT color="#000000"> <STRONG data-start="1165" data-end="1210">Make sure your IPS signatures are updated</STRONG> to detect this threat using the latest protections.</FONT></P> <H2><FONT color="#000000"><STRONG><span class="lia-unicode-emoji" title=":direct_hit:">🎯</span> The good news? You can stay protected in just minutes with Infinity Playblocks.&nbsp;</STRONG></FONT></H2> <P>&nbsp;</P> <P><STRONG>Once detected by IPS, Infinity Playblocks allows you to instantly automate the response - blocking the source IP and <FONT color="#000000">sending alerts in real time.</FONT></STRONG></P> <P><span class="lia-unicode-emoji" title=":backhand_index_pointing_right:">👉</span><FONT color="#000000"> Simply enter this prompt into the AI Automation Creator:</FONT></P> <H4><STRONG><FONT color="#000080"><EM>"Create an automation that blocks IPS attacks with protection name ״Microsoft SharePoint Server Insecure Deserialization״ and sends a notification about the event."</EM></FONT></STRONG></H4> <P>&nbsp;</P> <P><STRONG><FONT color="#000000">Playblocks will instantly generate a complete automation - like the one below - that automatically blocks the attacker as soon as an exploit attempt is detected,&nbsp;across all your gateways with the Quantum Enforcement Connector enabled.</FONT></STRONG></P> <P><STRONG><FONT color="#000000"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="AI Customization.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/31029iC431854E6F445586/image-size/large?v=v2&amp;px=999" role="button" title="AI Customization.png" alt="AI Customization.png" /></span></FONT></STRONG></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Microsoft SharePoint Server Insecure Deserialization.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/31028i9A264BDC8C864AAE/image-size/large?v=v2&amp;px=999" role="button" title="Microsoft SharePoint Server Insecure Deserialization.png" alt="Microsoft SharePoint Server Insecure Deserialization.png" /></span></P> <H3><BR /><STRONG>From detection to action - all in seconds.&nbsp;</STRONG></H3> <P><BR />#CheckPoint #InfinityPlayblocks #CVE2025 #ToolShell #Automation #SharePoint #ZeroDayProtection #CyberSecurity #AI</P> Wed, 23 Jul 2025 21:14:17 GMT Tal_Ben_Bassat 2025-07-23T21:14:17Z https://community.checkpoint.com/t5/Playblocks/New-Critical-CVE-Alert-Protect-Your-Network-in-Minutes-with/m-p/253824#M68 <P><FONT color="#000000">A new <STRONG>critical zero-day vulnerability</STRONG> in SharePoint,<STRONG> CVE-2025-53770</STRONG>, also known as <STRONG>ToolShell</STRONG>, is being <STRONG>actively exploited right now</STRONG>.&nbsp;If your organization uses <STRONG>SharePoint on-premises</STRONG>, taking action is <STRONG>crucial</STRONG>.</FONT></P> <P><FONT color="#000000">Published on <STRONG>July 21, 2025</STRONG>, this vulnerability affects:</FONT></P> <UL> <LI><FONT color="#000000">Microsoft SharePoint Enterprise Server 2016</FONT></LI> <LI><FONT color="#000000">Microsoft SharePoint Server 2019</FONT></LI> <LI><FONT color="#000000">Microsoft SharePoint Server subscription (prior to 16.0.18526.20424)</FONT></LI> </UL> <H4>&nbsp;</H4> <H4><span class="lia-unicode-emoji" title=":pushpin:">📌</span><FONT color="#000000"><STRONG> Microsoft SharePoint Server Insecure Deserialization (CVE-2025-49704; CVE-2025-53770)</STRONG></FONT></H4> <P><FONT color="#000000">This vulnerability allows <STRONG>unauthenticated remote code execution</STRONG> via insecure deserialization — giving attackers full control over affected systems.</FONT></P> <P><span class="lia-unicode-emoji" title=":ballot_box_with_check:">☑️</span><FONT color="#000000"> <STRONG data-start="1165" data-end="1210">Make sure your IPS signatures are updated</STRONG> to detect this threat using the latest protections.</FONT></P> <H2><FONT color="#000000"><STRONG><span class="lia-unicode-emoji" title=":direct_hit:">🎯</span> The good news? You can stay protected in just minutes with Infinity Playblocks.&nbsp;</STRONG></FONT></H2> <P>&nbsp;</P> <P><STRONG>Once detected by IPS, Infinity Playblocks allows you to instantly automate the response - blocking the source IP and <FONT color="#000000">sending alerts in real time.</FONT></STRONG></P> <P><span class="lia-unicode-emoji" title=":backhand_index_pointing_right:">👉</span><FONT color="#000000"> Simply enter this prompt into the AI Automation Creator:</FONT></P> <H4><STRONG><FONT color="#000080"><EM>"Create an automation that blocks IPS attacks with protection name ״Microsoft SharePoint Server Insecure Deserialization״ and sends a notification about the event."</EM></FONT></STRONG></H4> <P>&nbsp;</P> <P><STRONG><FONT color="#000000">Playblocks will instantly generate a complete automation - like the one below - that automatically blocks the attacker as soon as an exploit attempt is detected,&nbsp;across all your gateways with the Quantum Enforcement Connector enabled.</FONT></STRONG></P> <P><STRONG><FONT color="#000000"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="AI Customization.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/31029iC431854E6F445586/image-size/large?v=v2&amp;px=999" role="button" title="AI Customization.png" alt="AI Customization.png" /></span></FONT></STRONG></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Microsoft SharePoint Server Insecure Deserialization.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/31028i9A264BDC8C864AAE/image-size/large?v=v2&amp;px=999" role="button" title="Microsoft SharePoint Server Insecure Deserialization.png" alt="Microsoft SharePoint Server Insecure Deserialization.png" /></span></P> <H3><BR /><STRONG>From detection to action - all in seconds.&nbsp;</STRONG></H3> <P><BR />#CheckPoint #InfinityPlayblocks #CVE2025 #ToolShell #Automation #SharePoint #ZeroDayProtection #CyberSecurity #AI</P> Wed, 23 Jul 2025 21:14:17 GMT https://community.checkpoint.com/t5/Playblocks/New-Critical-CVE-Alert-Protect-Your-Network-in-Minutes-with/m-p/253824#M68 Tal_Ben_Bassat 2025-07-23T21:14:17Z