Microsoft's security lapse leads to compromises in German companies

At least 400 organizations worldwide have been breached through a zero-day vulnerability in Microsoft's SharePoint software, tracked as CVE-2025-53770. The breaches involve self-hosted SharePoint servers, and affected organizations have been reported in multiple countries, including Germany within the European Union.

The most impacted regions appear to be the United States and the European Union, including Germany. Multiple U.S. federal government agencies, such as the National Nuclear Security Administration and the Department of Homeland Security, as well as EU institutions and bodies, have been compromised.

The attack method exploiting this vulnerability is named "ToolShell". The vulnerability's rating narrowly missed the highest score of 10 because exploitation requires manual execution against each server and does not spread automatically like a virus. The rating is nonetheless high because the vulnerability allows deep system penetration and the installation of backdoors.

Experts warn that attackers could also steal digital keys that could later be used to regain access to systems even after the vulnerability has been closed. Access to these servers could lead to the theft of data and the capture of passwords, according to Dutch company Eye Security.

China-backed hacker groups have been identified as responsible for exploiting the vulnerability, targeting numerous organizations worldwide, which contributes to the global spread of affected entities. However, the Shadowserver Foundation's dashboard does not provide specific details about the number of affected servers in China.

Interestingly, the organization found only 24 vulnerable servers in France, 58 in the UK, and only three affected systems in Japan, indicating a disproportionate exposure of Germany to the security risk compared to similar-sized industrial nations. Note that the vulnerability affects locally hosted SharePoint servers used for file sharing, not the cloud variant in Microsoft 365.

U.S. investigators have evidence that servers in the USA connected to compromised SharePoint systems established connections to IP addresses in China over the weekend.

In summary, the United States, European Union (including Germany), and numerous other countries worldwide have likely been affected by this security breach. The full extent of the impact is still being investigated, but the U.S. and EU countries are among the most affected based on publicly available information. It is crucial for organizations to assess their exposure and respond to this vulnerability promptly to mitigate potential risks.

The community and employment policies of organizations worldwide should be reviewed in light of the ongoing security breach involving the zero-day vulnerability in Microsoft's SharePoint software, CVE-2025-53770. Given the high-level impact on systems in the United States, European Union (particularly Germany), and other countries, cybersecurity policies should be prioritized to address this technology-driven threat. Moreover, politics and general-news outlets should provide regular updates on the breach and its potential ramifications for employment and data privacy.
