Cybersecurity Alert – Microsoft SharePoint Critical Vulnerability

IMPACT: All Firms

FINRA member firms that use Microsoft SharePoint should be aware of a critical vulnerability that affects certain versions of the web-based platform. This Cybersecurity Alert includes a link to a Microsoft Advisory describing the vulnerability as well as a recommendation to protect your firm. In addition, FINRA recommends that firms review this information with appropriate information technology and information security personnel to alert them to an ongoing threat.

Note: FINRA contacted firms that indicated through FINRA’s Third-Party Vendor Questionnaire that they use Microsoft SharePoint.

Summary

On July 19, 2025, Microsoft published an advisory regarding a critical vulnerability (CVE-2025-53770)1 in certain versions of Microsoft SharePoint, a web-based platform used for storing and sharing information. The vulnerability could allow an unauthorized attacker to remotely execute code on the targeted SharePoint server, and the advisory stated that it was already being actively exploited by threat actors.

The advisory indicates that the following versions of SharePoint are affected:

  • Microsoft SharePoint Server Subscription Edition
  • Microsoft SharePoint Server 2019
  • Microsoft SharePoint Server 2016

The advisory indicates that SharePoint Online in Microsoft 365 is not impacted.

On July 20, 2025, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) also released an advisory regarding this vulnerability to further highlight the threat.

Recommendation to Protect Your Firm

To protect against this threat, FINRA recommends member firms refer to Microsoft’s advisory for specific mitigation steps, including details on available software updates. Because the vulnerability was being exploited before the advisory was published, firms should not assume that applying the update alone resolves the matter; any internet-facing on-premises SharePoint server should also be reviewed for signs of prior compromise in line with Microsoft’s guidance.

Questions related to this Alert or other cybersecurity-related topics can be emailed to the FINRA Cyber and Analytics Unit (CAU).

FINRA asks member firms to report any cyber incidents to their Risk Monitoring Analyst. Additionally, both the FBI and CISA urge organizations to promptly report cyber incidents to a local FBI Field Office or the FBI Internet Crime Complaint Center (IC3) at IC3.gov, and to CISA via CISA’s 24/7 Operations Center ([email protected] or 888-282-0870).

Note: This Alert does not create new legal or regulatory requirements or new interpretations of existing requirements, nor does it relieve firms of any existing obligations under federal securities laws, regulations, and FINRA rules. Member firms may consider the information in this Alert in developing new, or modifying existing, policies and procedures that are reasonably designed to achieve compliance with relevant regulatory obligations based on the member firm’s size and business model. Moreover, some of this information may not be relevant due to certain firms’ business models, sizes, or practices.

If you would like to add or change who receives this email, please update your firm’s Chief Information Security Officer (CISO), Chief Compliance Officer (CCO) and/or Chief Risk Officer (CRO) contacts in FINRA Gateway.


1 “CVE” is short for Common Vulnerabilities and Exposures, a list of publicly known cybersecurity vulnerabilities.