CVE-2025-53770

9.8 CRITICAL CISA KEV - Actively Exploited

Published: July 20, 2025 Modified: October 27, 2025

Description

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770

Source: secure@microsoft.com

Vendor Advisory

https://arstechnica.com/security/2025/07/sharepoint-vulnerability-with-9-8-severity-rating-is-under-exploit-across-the-globe/

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Press/Media Coverage

https://github.com/kaizensecurity/CVE-2025-53770

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/

Source: af854a3a-2127-422b-91ae-364da2661108

Mitigation Vendor Advisory

https://news.ycombinator.com/item?id=44629710

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://research.eye.security/sharepoint-under-siege/

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Mitigation Third Party Advisory

https://therecord.media/microsoft-sharepoint-zero-day-vulnerability-exploited-globally

Source: af854a3a-2127-422b-91ae-364da2661108

Press/Media Coverage

https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/

Source: af854a3a-2127-422b-91ae-364da2661108

Press/Media Coverage

https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory US Government Resource

https://www.darkreading.com/remote-workforce/microsoft-rushes-emergency-fix-exploited-sharepoint-toolshell-flaw

Source: af854a3a-2127-422b-91ae-364da2661108

Press/Media Coverage

https://www.forbes.com/sites/daveywinder/2025/07/20/microsoft-confirms-ongoing-mass-sharepoint-attack---no-patch-available/

Source: af854a3a-2127-422b-91ae-364da2661108

Press/Media Coverage

https://x.com/Shadowserver/status/1946900837306868163

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53770

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

13 reference(s) from NVD

Quick Stats

CVSS v3 Score

9.8 / 10.0

EPSS (Exploit Probability)

90.1%

100th percentile

Exploitation Status

Actively Exploited

Remediation due: 2025-07-21

Weaknesses (CWE)

CWE-502

Affected Vendors

microsoft

Related CVEs

CVE-2025-52691 10.0

CVE-2025-15168 7.3

CVE-2025-15167 7.3

CVE-2025-15166 7.3

CVE-2025-15165 7.3