Path Traversal Vulnerability in Microsoft Office SharePoint
CVE-2025-53771

6.5MEDIUM

Key Information:

Vendor

Microsoft
Status
Microsoft Sharepoint Enterprise Server 2016
Microsoft Sharepoint Server 2019
Microsoft Sharepoint Server Subscription Edition
Vendor
CVE Published:
20 July 2025

Badges

🟣 EPSS 11%📰 News Worthy

What is CVE-2025-53771?

CVE-2025-53771 is a path traversal vulnerability identified in Microsoft Office SharePoint, a widely used platform for collaboration and document management within organizations. The vulnerability arises from improper handling of file paths, allowing unauthorized users to exploit this weakness and access restricted directories. This results in potential spoofing attacks, where an attacker can manipulate the system's behavior or access sensitive information without proper authorization. Organizations utilizing SharePoint could face significant security risks, including unauthorized data exposure and compromised integrity of their collaborative environments.

Potential impact of CVE-2025-53771

  1. Unauthorized Data Access: Attackers could exploit this vulnerability to gain unauthorized access to sensitive documents stored in SharePoint, leading to data breaches that compromise confidentiality and compliance obligations.

  2. Spoofing Attacks: The path traversal nature of this vulnerability allows attackers to create misleading scenarios that could deceive users or other systems into trusting malicious actions, potentially damaging reputations and operational integrity.

  3. Exploitation of Supporting Systems: By indirectly gaining access to SharePoint's functionalities, attackers could leverage this vulnerability to target connected systems, escalating their attacks into more critical areas of an organization’s IT infrastructure.

Affected Version(s)

Microsoft SharePoint Enterprise Server 2016 x64-based Systems 16.0.0 < 16.0.5513.1001

Microsoft SharePoint Server 2019 x64-based Systems 16.0.0 < 16.0.10417.20037

Microsoft SharePoint Server Subscription Edition x64-based Systems 16.0.0 < 16.0.18526.20508

News Articles

favicon imageCyberScoop

Microsoft SharePoint attacks ensnare 400 victims, including federal agencies

The Departments of Energy, Homeland Security and Health and Human Services have been impacted.

3 weeks ago

favicon imageCybersecurity Dive

What we know about the Microsoft SharePoint attacks

State-linked hackers and ransomware groups are targeting SharePoint customers across the globe.

3 weeks ago

favicon imageTrend Micro

Proactive Security for CVE-2025-53770 and CVE-2025-53771 SharePoint Attacks

CVE-2025-53770 and CVE-2025-53771 are vulnerabilities in on-premise Microsoft SharePoint Servers that evolved from previously patched flaws, allowing unauthenticated remote code execution through advanced deserialization and ViewState abuse.

3 weeks ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 📰

    First article discovered by SecurityWeek

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-53771 : Path Traversal Vulnerability in Microsoft Office SharePoint