Trust Center
Bloomberg Tax ("BTAX") is a web-based platform that provides tax and accounting content for finance professionals.
Microsoft SharePoint Zero-Day Vulnerabilities – Not Impacted
We are aware of the recently disclosed Microsoft SharePoint zero-day vulnerabilities: CVE-2025-53770 and CVE-2025-53771. After a thorough review, we have confirmed that Bloomberg Industry Group is not impacted. Our products do not rely on Microsoft SharePoint for any customer-facing services, and our internal SharePoint environment is isolated, access-controlled, and closely monitored. We continue to evaluate all third-party services for exposure and apply security patches in alignment with our vulnerability management procedures.
Submission of Discovered Vulnerabilities
At Bloomberg Industry Group, we welcome responsible disclosures of security vulnerabilities found within our websites or applications, in accordance with this policy.
Expectations for Responsible Disclosure:
Confidential Reporting: Please report security vulnerabilities confidentially to SecurityCompliance@bloombergindustry.com
Your disclosure should include:
- Your name and contact information.
- Clear identification of the issue's context, including the name of the vulnerable application, the vulnerable URL, and any exposed parameters.
- A description of the vulnerability, including how it can be exploited and the potential consequences.
- Where possible, please provide a screenshot of the exploited/executed vulnerability.
Non-Disclosure: Do not publicly disclose the vulnerability without our explicit consent and guidance.
For purposes of clarity, our terms governing access to our products and websites do not permit active scanning or penetration testing.
What You Can Expect from us:
- Acknowledgment: The INDG Team will acknowledge receipt and begin investigating the reported vulnerability.
- Investigation Outcome: We may inform you of the investigation's outcome upon its conclusion. During the investigation, we may reach out for additional information.