Deserialization Vulnerability in Microsoft SharePoint Server
CVE-2025-53770

9.8CRITICAL

Key Information:

Vendor

Microsoft
Status
Microsoft Sharepoint Enterprise Server 2016
Microsoft Sharepoint Server 2019
Microsoft Sharepoint Server Subscription Edition
Vendor
CVE Published:
20 July 2025

Badges

🥇 Trended No. 1📈 Trended📈 Score: 73,600💰 Ransomware👾 Exploit Exists🟡 Public PoC🟣 EPSS 69%🦅 CISA Reported📰 News Worthy

What is CVE-2025-53770?

CVE-2025-53770 is a significant vulnerability affecting Microsoft SharePoint Server, a widely used platform for collaboration, document management, and content management within organizations. This vulnerability is characterized as a deserialization flaw in which untrusted data can be processed in a way that allows an unauthorized attacker to execute arbitrary code over a network. Such a weakness in SharePoint could lead to severe consequences for an organization, as malicious actors could gain unauthorized access to sensitive information, tamper with data, or even take control of affected systems. The ramifications of exploitation could be particularly damaging, as SharePoint plays a critical role in many enterprise environments, often housing essential business documents and workflows.

Potential impact of CVE-2025-53770

  1. Unauthorized Code Execution: An attacker exploiting this vulnerability could execute arbitrary code on the SharePoint server, leading to complete control over the affected system. This level of access could be used to conduct further attacks within the network or to manipulate data.

  2. Data Breaches and Information Leakage: The successful exploitation of CVE-2025-53770 could grant adversaries access to confidential documents and sensitive information stored within SharePoint. This could result in significant data breaches, affecting an organization’s reputation and compliance with data protection regulations.

  3. Operational Disruption: Organizations could experience operational disruptions as malicious actors may exploit the vulnerability to alter, delete, or steal critical business data. This disruption could lead to downtime, recovery costs, and prolonged impacts on business continuity.

CISA has reported CVE-2025-53770

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-53770 as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Affected Version(s)

Microsoft SharePoint Enterprise Server 2016 x64-based Systems 16.0.0 < 16.0.5513.1001

Microsoft SharePoint Server 2019 x64-based Systems 16.0.0 < 16.0.10417.20037

Microsoft SharePoint Server Subscription Edition x64-based Systems 16.0.0 < 16.0.18526.20508

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-53770-Exploit
Created by soltanali0

CVE-2025-53770
Created by 3a7

CVE-2025-53770
Created by kaizensecurity

News Articles

favicon imagewokb.cz

ALERTS VULNEREBILITY

DATENAME INFO CATEGORYSUBCATE 25.7.25 CVE-2025-53770 - Critical SharePoint Zero-Day vulnerability exploited in the wild Microsoft has patched a zero-day vulnerability in SharePoint...

5 days ago

favicon imageBleepingComputer

The Heat Wasn't Just Outside: Cyber Attacks Spiked in Summer 2025

Can your defenses withstand the biggest attacks of Summer 2025? From Interlock's FileFix to Qilin, Scattered Spider, and ToolShell exploits—simulate them all against your organization's defenses with Picus Security Validation Platform to find gaps before attackers do.

6 days ago

favicon imageBleepingComputer

Ransomware gangs join attacks targeting Microsoft SharePoint servers

Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader exploitation campaign that has already led to the breach of at least 148 organizations worldwide.

1 week ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

EPSS Score

69% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🥇

    Vulnerability reached the number 1 worldwide trending spot

  • 🟡

    Public PoC available

  • 💰

    Used in Ransomware

  • 📈

    Vulnerability started trending

  • 👾

    Exploit known to exist

  • 🦅

    CISA Reported

  • 📰

    First article discovered by SecurityWeek

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-53770 : Deserialization Vulnerability in Microsoft SharePoint Server