Server-Side Request Forgery in Microsoft Office SharePoint
CVE-2025-53760

7.1 HIGH

What is CVE-2025-53760?

A server-side request forgery (SSRF) vulnerability in Microsoft Office SharePoint allows an authorized attacker to make unauthorized requests and potentially elevate privileges on a network. The vulnerability can be leveraged to manipulate server configurations and gain access to sensitive information, so organizations should apply the security patches and follow network security best practices.

Affected Version(s)

Microsoft SharePoint Enterprise Server 2016 x64-based Systems 16.0.0 < 16.0.5513.1002

Microsoft SharePoint Server 2019 x64-based Systems 16.0.0 < 16.0.10417.20041

Microsoft SharePoint Server Subscription Edition x64-based Systems 16.0.0 < 16.0.18526.20518

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
