← Back to CVEs
CVE-2025-53770
CRITICALCISA KEV9.8
Description
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published7/20/2025
Last Modified10/27/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorMicrosoft
ProductSharePoint
Vulnerability NameMicrosoft SharePoint Deserialization of Untrusted Data Vulnerability
KEV Date Added2025-07-20
Remediation Due Date2025-07-21
Ransomware UseKnown
Affected Products
microsoft:sharepoint_server
Weaknesses (CWE)
CWE-502
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770(secure@microsoft.com)
https://arstechnica.com/security/2025/07/sharepoint-vulnerability-with-9-8-severity-rating-is-under-exploit-across-the-globe/(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/kaizensecurity/CVE-2025-53770(af854a3a-2127-422b-91ae-364da2661108)
https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/(af854a3a-2127-422b-91ae-364da2661108)
https://news.ycombinator.com/item?id=44629710(af854a3a-2127-422b-91ae-364da2661108)
https://research.eye.security/sharepoint-under-siege/(af854a3a-2127-422b-91ae-364da2661108)
https://therecord.media/microsoft-sharepoint-zero-day-vulnerability-exploited-globally(af854a3a-2127-422b-91ae-364da2661108)
https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770(af854a3a-2127-422b-91ae-364da2661108)
https://www.darkreading.com/remote-workforce/microsoft-rushes-emergency-fix-exploited-sharepoint-toolshell-flaw(af854a3a-2127-422b-91ae-364da2661108)
https://www.forbes.com/sites/daveywinder/2025/07/20/microsoft-confirms-ongoing-mass-sharepoint-attack---no-patch-available/(af854a3a-2127-422b-91ae-364da2661108)
https://x.com/Shadowserver/status/1946900837306868163(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53770(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.