Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-53770

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-20 Jul, 2025 | 01:06
Updated At-23 Aug, 2025 | 00:40
Rejected At-
Credits

Microsoft SharePoint Deserialization of Untrusted Data Vulnerability

Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-53771. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Known Exploited Vulnerabilities (KEV)
cisa.gov
Vendor:
Microsoft CorporationMicrosoft
Product:SharePoint
Added At:20 Jul, 2025
Due At:21 Jul, 2025

Microsoft SharePoint Deserialization of Untrusted Data Vulnerability

Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-53771. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.

Used in Ransomware

:

Known

CWE

:
CWE-502

Required Action:

Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Additional Notes:

CISA Mitigation Instructions: https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770; https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/ ; https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770 ; https://nvd.nist.gov/vuln/detail/CVE-2025-53770
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:20 Jul, 2025 | 01:06
Updated At:23 Aug, 2025 | 00:40
Rejected At:
▼CVE Numbering Authority (CNA)
Microsoft SharePoint Server Remote Code Execution Vulnerability

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SharePoint Enterprise Server 2016
Platforms
  • x64-based Systems
Versions
Affected
  • From 16.0.0 before 16.0.5513.1001 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SharePoint Server 2019
Platforms
  • x64-based Systems
Versions
Affected
  • From 16.0.0 before 16.0.10417.20037 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SharePoint Server Subscription Edition
Platforms
  • x64-based Systems
Versions
Affected
  • From 16.0.0 before 16.0.18526.20508 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-502CWE-502: Deserialization of Untrusted Data
Type: CWE
CWE ID: CWE-502
Description: CWE-502: Deserialization of Untrusted Data
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:W/RC:C
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:W/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770
vendor-advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
kev
dateAdded:
2025-07-20
reference:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53770
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
N/A
https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770
N/A
https://research.eye.security/sharepoint-under-siege/
N/A
https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/
N/A
https://www.forbes.com/sites/daveywinder/2025/07/20/microsoft-confirms-ongoing-mass-sharepoint-attack---no-patch-available/
N/A
https://x.com/Shadowserver/status/1946900837306868163
N/A
https://github.com/kaizensecurity/CVE-2025-53770
N/A
https://therecord.media/microsoft-sharepoint-zero-day-vulnerability-exploited-globally
N/A
https://news.ycombinator.com/item?id=44629710
N/A
https://arstechnica.com/security/2025/07/sharepoint-vulnerability-with-9-8-severity-rating-is-under-exploit-across-the-globe/
N/A
https://www.darkreading.com/remote-workforce/microsoft-rushes-emergency-fix-exploited-sharepoint-toolshell-flaw
N/A
Hyperlink: https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
Resource: N/A
Hyperlink: https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770
Resource: N/A
Hyperlink: https://research.eye.security/sharepoint-under-siege/
Resource: N/A
Hyperlink: https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/
Resource: N/A
Hyperlink: https://www.forbes.com/sites/daveywinder/2025/07/20/microsoft-confirms-ongoing-mass-sharepoint-attack---no-patch-available/
Resource: N/A
Hyperlink: https://x.com/Shadowserver/status/1946900837306868163
Resource: N/A
Hyperlink: https://github.com/kaizensecurity/CVE-2025-53770
Resource: N/A
Hyperlink: https://therecord.media/microsoft-sharepoint-zero-day-vulnerability-exploited-globally
Resource: N/A
Hyperlink: https://news.ycombinator.com/item?id=44629710
Resource: N/A
Hyperlink: https://arstechnica.com/security/2025/07/sharepoint-vulnerability-with-9-8-severity-rating-is-under-exploit-across-the-globe/
Resource: N/A
Hyperlink: https://www.darkreading.com/remote-workforce/microsoft-rushes-emergency-fix-exploited-sharepoint-toolshell-flaw
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:20 Jul, 2025 | 01:15
Updated At:30 Jul, 2025 | 01:00

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2025-07-202025-07-21Microsoft SharePoint Deserialization of Untrusted Data VulnerabilityDisconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Date Added: 2025-07-20
Due Date: 2025-07-21
Vulnerability Name: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
Required Action: Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Microsoft Corporation
microsoft
>>sharepoint_server>>Versions before 16.0.18526.20508(exclusive)
cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*
Microsoft Corporation
microsoft
>>sharepoint_server>>2016
cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*
Microsoft Corporation
microsoft
>>sharepoint_server>>2019
cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-502Secondarysecure@microsoft.com
CWE ID: CWE-502
Type: Secondary
Source: secure@microsoft.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770secure@microsoft.com
Vendor Advisory
https://arstechnica.com/security/2025/07/sharepoint-vulnerability-with-9-8-severity-rating-is-under-exploit-across-the-globe/af854a3a-2127-422b-91ae-364da2661108
Exploit
Press/Media Coverage
https://github.com/kaizensecurity/CVE-2025-53770af854a3a-2127-422b-91ae-364da2661108
Exploit
https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/af854a3a-2127-422b-91ae-364da2661108
Mitigation
Vendor Advisory
https://news.ycombinator.com/item?id=44629710af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
https://research.eye.security/sharepoint-under-siege/af854a3a-2127-422b-91ae-364da2661108
Exploit
Mitigation
Third Party Advisory
https://therecord.media/microsoft-sharepoint-zero-day-vulnerability-exploited-globallyaf854a3a-2127-422b-91ae-364da2661108
Press/Media Coverage
https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/af854a3a-2127-422b-91ae-364da2661108
Press/Media Coverage
https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
US Government Resource
https://www.darkreading.com/remote-workforce/microsoft-rushes-emergency-fix-exploited-sharepoint-toolshell-flawaf854a3a-2127-422b-91ae-364da2661108
Press/Media Coverage
https://www.forbes.com/sites/daveywinder/2025/07/20/microsoft-confirms-ongoing-mass-sharepoint-attack---no-patch-available/af854a3a-2127-422b-91ae-364da2661108
Press/Media Coverage
https://x.com/Shadowserver/status/1946900837306868163af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770
Source: secure@microsoft.com
Resource:
Vendor Advisory
Hyperlink: https://arstechnica.com/security/2025/07/sharepoint-vulnerability-with-9-8-severity-rating-is-under-exploit-across-the-globe/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Press/Media Coverage
Hyperlink: https://github.com/kaizensecurity/CVE-2025-53770
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mitigation
Vendor Advisory
Hyperlink: https://news.ycombinator.com/item?id=44629710
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Hyperlink: https://research.eye.security/sharepoint-under-siege/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Mitigation
Third Party Advisory
Hyperlink: https://therecord.media/microsoft-sharepoint-zero-day-vulnerability-exploited-globally
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Press/Media Coverage
Hyperlink: https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Press/Media Coverage
Hyperlink: https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
US Government Resource
Hyperlink: https://www.darkreading.com/remote-workforce/microsoft-rushes-emergency-fix-exploited-sharepoint-toolshell-flaw
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Press/Media Coverage
Hyperlink: https://www.forbes.com/sites/daveywinder/2025/07/20/microsoft-confirms-ongoing-mass-sharepoint-attack---no-patch-available/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Press/Media Coverage
Hyperlink: https://x.com/Shadowserver/status/1946900837306868163
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found