Deserialization Vulnerability in Microsoft SharePoint Server
CVE-2025-53770
Key Information:
- Vendor: Microsoft
- Status:
- CVE Published: 20 July 2025
What is CVE-2025-53770?
CVE-2025-53770 is a significant vulnerability affecting Microsoft SharePoint Server, a widely used platform for collaboration, document management, and content management within organizations. The vulnerability is a deserialization flaw: untrusted data is deserialized in a way that allows an unauthenticated attacker to execute arbitrary code over a network. Such a weakness in SharePoint could have severe consequences for an organization, as malicious actors could gain unauthorized access to sensitive information, tamper with data, or take control of affected systems. The impact of exploitation can be particularly damaging because SharePoint plays a critical role in many enterprise environments, often housing essential business documents and workflows.
Potential impact of CVE-2025-53770
- Unauthorized Code Execution: An attacker exploiting this vulnerability could execute arbitrary code on the SharePoint server, leading to complete control over the affected system. This level of access could be used to conduct further attacks within the network or to manipulate data.
- Data Breaches and Information Leakage: Successful exploitation of CVE-2025-53770 could grant adversaries access to confidential documents and sensitive information stored within SharePoint. This could result in significant data breaches, affecting an organization's reputation and compliance with data protection regulations.
- Operational Disruption: Organizations could experience operational disruptions as malicious actors exploit the vulnerability to alter, delete, or steal critical business data. This disruption could lead to downtime, recovery costs, and prolonged impacts on business continuity.
CISA has reported CVE-2025-53770
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-53770 as being exploited; CISA also lists it as known to enable ransomware campaigns.
CISA's recommendation is: Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS), including SharePoint Server 2013 and earlier versions. For supported versions, follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are not available.
Affected Version(s)
- Microsoft SharePoint Enterprise Server 2016 (x64-based Systems): 16.0.0 up to, but not including, 16.0.5513.1001
- Microsoft SharePoint Server 2019 (x64-based Systems): 16.0.0 up to, but not including, 16.0.10417.20037
- Microsoft SharePoint Server Subscription Edition (x64-based Systems): 16.0.0 up to, but not including, 16.0.18526.20508
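An added example (not part of the original page) that checks an inventory of SharePoint build numbers against the affected ranges listed above. Builds must be compared numerically, not as strings, or 16.0.10417.x sorts below 16.0.5513.x. The fixed build numbers come from the list above; the product keys, helper names and the sample host entries are this example's own assumptions, and obtaining the build number from a live farm is left to the caller.

```python
"""Triage SharePoint build numbers against the CVE-2025-53770 affected ranges.

Added example, not code from the advisory page. The fixed builds below are the
ones listed on the page; product keys and sample hosts are constructed here.
"""
from typing import Dict, List, Tuple

# Lowest build per product that contains the fix (from the page's list).
# A build at or above this value is outside the affected range.
FIXED_BUILDS: Dict[str, str] = {
    "SharePoint Enterprise Server 2016": "16.0.5513.1001",
    "SharePoint Server 2019": "16.0.10417.20037",
    "SharePoint Server Subscription Edition": "16.0.18526.20508",
}

# Lower bound of every affected range on the page ("16.0.0").
AFFECTED_FROM: Tuple[int, ...] = (16, 0, 0, 0)


def parse_build(build: str) -> Tuple[int, ...]:
    """Turn '16.0.5513.1001' into (16, 0, 5513, 1001) so that builds compare
    numerically; as plain strings '16.0.10417.0' would sort before '16.0.5513.0'."""
    parts = build.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected build format: {build!r}")
    return tuple(int(p) for p in parts)


def is_affected(product: str, build: str) -> bool:
    """True when the product/build pair lies in the page's affected range,
    i.e. 16.0.0 <= build < the fixed build recorded for that product."""
    if product not in FIXED_BUILDS:
        raise KeyError(f"no fixed build recorded for {product!r}")
    current = parse_build(build)
    fixed = parse_build(FIXED_BUILDS[product])
    return AFFECTED_FROM <= current < fixed


# Constructed sample inventory: (host, product, reported build). Host names
# are made up for this example.
SAMPLE_INVENTORY: List[Tuple[str, str, str]] = [
    ("sp2016-01", "SharePoint Enterprise Server 2016", "16.0.5508.1000"),
    ("sp2019-01", "SharePoint Server 2019", "16.0.10417.20037"),
    ("spse-01", "SharePoint Server Subscription Edition", "16.0.18526.20424"),
]


def triage(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return the host names whose build is still inside an affected range."""
    return [host for host, product, build in inventory if is_affected(product, build)]


if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: build is in the affected range; apply the vendor update")
```

With the constructed inventory, sp2019-01 is exactly at its fixed build and is reported as not affected, while the other two hosts are flagged.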
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.
News Articles
25 July 2025: CVE-2025-53770 - Critical SharePoint Zero-Day vulnerability exploited in the wild. Microsoft has patched a zero-day vulnerability in SharePoint...
5 days ago
The Heat Wasn't Just Outside: Cyber Attacks Spiked in Summer 2025
Can your defenses withstand the biggest attacks of Summer 2025? From Interlock's FileFix to Qilin, Scattered Spider, and ToolShell exploits—simulate them all against your organization's defenses with Picus Security Validation Platform to find gaps before attackers do.
6 days ago
Ransomware gangs join attacks targeting Microsoft SharePoint servers
Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader exploitation campaign that has already led to the breach of at least 148 organizations worldwide.
1 week ago
References
EPSS Score
69% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🥇 Vulnerability reached the number 1 worldwide trending spot
- 🟡 Public PoC available
- 💰 Used in Ransomware
- 📈 Vulnerability started trending
- 👾 Exploit known to exist
- 🦅 CISA Reported
- 📰 First article discovered by SecurityWeek
- Vulnerability published
- Vulnerability Reserved