PT-2025-30222 · Microsoft · Office Sharepoint, Sharepoint Server

Published: 2025-07-20 · Updated: 2025-07-26 · CVE-2025-53771

CVSS v2.0: 7.5 (Vector: AV:N/AC:L/Au:S/C:C/I:P/A:N)

**Name of the Vulnerable Software and Affected Versions:**

Microsoft Office SharePoint Server (affected versions not specified)

**Description:**

An improper limitation of a pathname to a restricted directory ('path traversal') exists in Microsoft Office SharePoint, potentially allowing an attacker to perform spoofing over a network. The vulnerability is being actively exploited; reports indicate more than 400 victims globally, with attackers using it to steal credentials and gain privileged access. It is related to a patch bypass, so servers with previously applied fixes remain exploitable. A related vulnerability, CVE-2025-53770, allows remote code execution (RCE) via the `/layouts/15/ToolPane.aspx` endpoint by sending a specially crafted POST request with `DisplayMode=Edit`, potentially leading to full server compromise, including web shell installation. Initial scans detected exploitation attempts as early as July 16, 2025.
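Because the description names a concrete request pattern (a POST to `ToolPane.aspx` carrying `DisplayMode=Edit`), the most useful thing a defender can do with it is hunt for that pattern in IIS request logs. The following is an added example written for this page, not code from the advisory or from Microsoft: it parses constructed, simplified IIS W3C-style log lines (the column layout and every value in `SAMPLE_LOG` are assumptions made for the example) and flags matching POSTs. It matches on the file name `ToolPane.aspx` rather than a full path prefix, so it covers the `/layouts/15/` path quoted above as well as the `/_layouts/15/` form SharePoint normally serves, and it compares the query string case-insensitively so a differently cased variant is not missed.

```python
import re
from urllib.parse import parse_qs

# Constructed, simplified IIS W3C-style log lines (not real traffic).
# Columns: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2025-07-18 09:12:01 203.0.113.9 POST /layouts/15/ToolPane.aspx DisplayMode=Edit&a=/ToolPane.aspx 200
2025-07-18 09:12:05 198.51.100.4 GET /sites/hr/default.aspx - 200
2025-07-18 09:13:44 203.0.113.9 POST /_layouts/15/ToolPane.aspx DisplayMode=Display 200
2025-07-18 09:14:10 192.0.2.77 POST /_layouts/15/toolpane.aspx displaymode=edit 500
2025-07-18 09:15:00 198.51.100.4 GET /_layouts/15/ToolPane.aspx DisplayMode=Edit 401
"""

LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<client>\S+) (?P<method>\S+) "
    r"(?P<stem>\S+) (?P<query>\S+) (?P<status>\d{3})$"
)


def parse_line(line):
    """Split one log line into named fields; return None for lines that do not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # IIS writes "-" when the request carried no query string.
    rec["query"] = "" if rec["query"] == "-" else rec["query"]
    return rec


def is_toolpane_edit_post(rec):
    """True when a POST targets ToolPane.aspx with DisplayMode=Edit (case-insensitive)."""
    if rec["method"].upper() != "POST":
        return False
    if not rec["stem"].lower().endswith("/toolpane.aspx"):
        return False
    # Normalise keys and values to lower case; IIS logs preserve the client's casing.
    params = {
        k.lower(): [v.lower() for v in vs]
        for k, vs in parse_qs(rec["query"], keep_blank_values=True).items()
    }
    return "edit" in params.get("displaymode", [])


def flag_suspicious(log_text):
    """Return (timestamp, client_ip, status) for every line matching the pattern."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_toolpane_edit_post(rec):
            hits.append((rec["date"] + " " + rec["time"], rec["client"], rec["status"]))
    return hits


if __name__ == "__main__":
    for ts, client, status in flag_suspicious(SAMPLE_LOG):
        print(f"{ts} {client} -> POST ToolPane.aspx DisplayMode=Edit (HTTP {status})")
```

Two of the five constructed lines are flagged: the first (HTTP 200) and the lower-cased fourth (HTTP 500). The status code is deliberately reported rather than used as a filter, since a failed attempt is as worth knowing about as a successful one. Authenticated page editing can legitimately reach this endpoint, so treat a hit as a triage lead to correlate with authentication state, source address and any files written under the web root, not as proof of compromise on its own.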

**Recommendations:**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Tags: Improper Neutralization · RCE · Path traversal · Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2025-08787
CVE-2025-53771
ZDI-25-652

Affected Products

Office Sharepoint
Sharepoint Server