HomeVulnerabilitiesCVE-2025-53770
Critical Risk Active Exploitation

CVE-2025-53770

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.

Share this vulnerability:
⚠️

Confirmed Active Exploitation

This vulnerability is listed in the CISA KEV Catalog. Federal agencies are mandated to patch immediately. Immediate remediation is required.

Exploitation Probability (EPSS)

Critical Priority
89.91%

The Exploit Prediction Scoring System (EPSS) uses machine learning to estimate the probability that a vulnerability will be exploited in the wild within the next 30 days.

0% (Theoretical)100% (Certainty)

7-Day Exploitation Trend

Vulnerability Timeline

4 events
Jul 20, 2025
Vulnerability Disclosed
Published to component-level vulnerability database.
Jul 21, 2025
Added to CISA KEV
CVE added to CISA Known Exploited Vulnerabilities
Jul 27, 2025
EPSS Score Increased
Daily EPSS score increased by 0.164 on 2025-07-21
Jul 30, 2025
Last Updated
Record updated with new analysis or tags.

Threat Actor Attribution

PREMIUM INTEL
Associated Groups:Lazarus Group, APT28
Ransomware Campaigns:LockBit 3.0, BlackCat
IoCs (Indicators):14 IPs, 3 Hashes

Remediation & Mitigation

SOLUTION

Official patches and mitigation steps are available for this vulnerability.

# Update Command
apt-get update && apt-get upgrade -y specific-package
# Verify installation
dpkg -l | grep package-name

Affected Products

3 Total
microsoft/sharepoint_serverAll Versions
microsoft/sharepoint_server2016
microsoft/sharepoint_server2019

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770Microsoft
Vendor Advisory
https://arstechnica.com/security/2025/07/sharepoint-vulnerability-with-9-8-severity-rating-is-under-exploit-across-the-globe/Arstechnica
ExploitPress/Media Coverage
https://github.com/kaizensecurity/CVE-2025-53770GitHub
Exploit
https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/Microsoft
MitigationVendor Advisory

Am I Vulnerable?

Check your domain or package.json for CVE-2025-53770 exposure.

Share This Page

Help others discover this vulnerability information

Vulnerability Details

CVSS Base Score
9.8/ 10
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published Date
Jul 20, 2025
Last Modified
Jul 30, 2025
Need API Access?

Integrate this data into your SOAR platform.

View Plans →
Need Manual Validation?

Automated scanners flag false positives. Get a manual pentest validation for this CVE.