CVE-2025-53770

{"id": "CVE-2025-53770", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secure@microsoft.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-07-20T01:15:30.777", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "https://arstechnica.com/security/2025/07/sharepoint-vulnerability-with-9-8-severity-rating-is-under-exploit-across-the-globe/", "tags": ["Exploit", "Press/Media Coverage"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/kaizensecurity/CVE-2025-53770", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://news.ycombinator.com/item?id=44629710", "tags": ["Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://research.eye.security/sharepoint-under-siege/", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://therecord.media/microsoft-sharepoint-zero-day-vulnerability-exploited-globally", "tags": ["Press/Media Coverage"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/", "tags": ["Press/Media Coverage"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770", "tags": ["Mailing List", "Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.darkreading.com/remote-workforce/microsoft-rushes-emergency-fix-exploited-sharepoint-toolshell-flaw", "tags": ["Press/Media Coverage"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.forbes.com/sites/daveywinder/2025/07/20/microsoft-confirms-ongoing-mass-sharepoint-attack---no-patch-available/", "tags": ["Press/Media Coverage"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://x.com/Shadowserver/status/1946900837306868163", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "secure@microsoft.com", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network.\nMicrosoft is aware that an exploit for CVE-2025-53770 exists in the wild.\nMicrosoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation."}, {"lang": "es", "value": "La deserializaci\u00f3n de datos no confiables en on-premises Microsoft SharePoint Server permite que un atacante no autorizado ejecute c\u00f3digo a trav\u00e9s de la red. Microsoft tiene conocimiento de la existencia de un exploit para CVE-2025-53770. Microsoft est\u00e1 preparando y probando a fondo una actualizaci\u00f3n completa para abordar esta vulnerabilidad. Mientras tanto, aseg\u00farese de que la mitigaci\u00f3n proporcionada en esta documentaci\u00f3n de CVE est\u00e9 implementada para estar protegido contra el exploit."}], "lastModified": "2025-07-23T18:09:55.970", "cisaActionDue": "2025-07-21", "cisaExploitAdd": "2025-07-20", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", "vulnerable": true, "matchCriteriaId": "E1677A89-14A2-496E-A2EB-387B1BFE876C", "versionEndExcluding": "16.0.18526.20508"}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "F815EF1D-7B60-47BE-9AC2-2548F99F10E4"}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com", "cisaRequiredAction": "CISA recommends configuring AMSI integration in SharePoint and deploying Defender AV on all SharePoint servers. If AMSI cannot be enabled, CISA recommends disconnecting affected products that are public-facing on the internet from service until official mitigations are available. Once mitigations are provided, apply them according to CISA and vendor instructions. Follow the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. ", "cisaVulnerabilityName": "Microsoft SharePoint Deserialization of Untrusted Data Vulnerability"}