Two recently disclosed Microsoft SharePoint vulnerabilities have prompted urgent alerts from cybersecurity authorities in Australia and New Zealand, highlighting heightened risks for finance teams relying on these widely used platforms.
According to the Australian Cyber Security Centre (ACSC) and New Zealand’s Computer Emergency Response Team (CERT NZ), these critical vulnerabilities (CVE-2025-53770 and CVE-2025-53771) affect Microsoft Office SharePoint Server and SharePoint Server, potentially allowing threat actors to execute code remotely and compromise business systems.
These vulnerabilities are concerning because Microsoft SharePoint is widely used by finance and procurement teams for document management and collaboration, including vendor invoices and payment approvals. The flaws could allow attackers to:
- execute malicious code remotely
- gain unauthorized access to sensitive financial documents
- manipulate or intercept vendor payment details
This makes finance teams a prime target for sophisticated cybercrime operations aiming to disrupt payment workflows or facilitate fraud.
Why finance teams must act quickly
Both ACSC and CERT NZ have issued urgent “act now” alerts recommending that organizations in Australia and New Zealand immediately patch their SharePoint servers to prevent exploitation.
Delays in patching leave finance operations vulnerable to:
- business email compromise (BEC) schemes leveraging system access
- fraudulent invoice alterations or vendor impersonation
- data breaches exposing payment credentials and vendor banking information
With payment fraud losses mounting globally, even brief windows of exposure can result in significant financial and reputational harm.
What finance leaders should do today
Finance leaders and AP managers should:
- verify with IT teams that all SharePoint servers are patched promptly
- review manual approval workflows that rely on SharePoint-hosted documents
- implement multi-layered vendor validation and payment verification controls
- consider real-time payment screening tools like Eftsure to catch vendor fraud
No single control is foolproof, but layered defences reduce the chance that attackers can exploit system weaknesses to steal funds.
How Eftsure helps mitigate vendor fraud risks
Eftsure strengthens your cyber resilience by validating vendor banking details and monitoring payment transactions before funds leave your account. In environments where platforms like SharePoint may be targeted, Eftsure acts as a critical last line of defense to:
- detect vendor detail changes inconsistent with verified records
- flag suspicious payments before processing
- reduce reliance on vulnerable manual or document-based controls
For finance teams in Australia and New Zealand facing evolving cyber threats, combining Eftsure with diligent IT patching and process controls is essential.