A new critical zero-day vulnerability in SharePoint, CVE-2025-53770, also known as ToolShell, is being actively exploited right now. If your organization uses SharePoint on-premises, taking action is crucial.

Published on July 21, 2025, this vulnerability affects:

• Microsoft SharePoint Enterprise Server 2016
• Microsoft SharePoint Server 2019
• Microsoft SharePoint Server subscription (prior to 16.0.18526.20424)

📌 Microsoft SharePoint Server Insecure Deserialization (CVE-2025-49704; CVE-2025-53770)

This vulnerability allows unauthenticated remote code execution via insecure deserialization — giving attackers full control over affected systems.

☑️ Make sure your IPS signatures are updated to detect this threat using the latest protections.

🎯 The good news? You can stay protected in just minutes with Infinity Playblocks. 

Once detected by IPS, Infinity Playblocks allows you to instantly automate the response - blocking the source IP and sending alerts in real time.

👉 Simply enter this prompt into the AI Automation Creator:

"Create an automation that blocks IPS attacks with protection name ״Microsoft SharePoint Server Insecure Deserialization״ and sends a notification about the event."

Playblocks will instantly generate a complete automation - like the one below - that automatically blocks the attacker as soon as an exploit attempt is detected, across all your gateways with the Quantum Enforcement Connector enabled.

From detection to action - all in seconds. 

#CheckPoint #InfinityPlayblocks #CVE2025 #ToolShell #Automation #SharePoint #ZeroDayProtection #CyberSecurity #AI