CVE-2025-53770

Name: CVE-2025-53770
Creator: NVD / NIST
Published: 2025-07-20T01:15:30.777+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10Actively ExploitedEPSS 99.98%

Last modified Jun 17, 2026

CVE-2025-53770 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.. CISA has confirmed active exploitation in the wild. EPSS estimates a 99.98% chance of exploitation in the next 30 days.

Description

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

99.98%

100.0th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Jul 21, 2025.

Weakness Enumeration

CWE-502

Affected Software

Vendor	Product	Versions
Microsoft	Sharepoint Server	< 16.0.18526.20508
Microsoft	Sharepoint Server	2016
Microsoft	Sharepoint Server	2019

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770Vendor Advisory
https://arstechnica.com/security/2025/07/sharepoint-vulnerability-with-9-8-severity-rating-is-under-exploit-across-the-globe/Exploit, Press/Media Coverage
https://github.com/kaizensecurity/CVE-2025-53770Exploit
https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/Mitigation, Vendor Advisory
https://news.ycombinator.com/item?id=44629710Issue Tracking
https://research.eye.security/sharepoint-under-siege/Exploit, Mitigation, Third Party Advisory
https://therecord.media/microsoft-sharepoint-zero-day-vulnerability-exploited-globallyPress/Media Coverage
https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/Press/Media Coverage
https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770Mailing List, Third Party Advisory, US Government Resource
https://www.darkreading.com/remote-workforce/microsoft-rushes-emergency-fix-exploited-sharepoint-toolshell-flawPress/Media Coverage
https://www.forbes.com/sites/daveywinder/2025/07/20/microsoft-confirms-ongoing-mass-sharepoint-attack---no-patch-available/Press/Media Coverage
https://x.com/Shadowserver/status/1946900837306868163Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53770US Government Resource

Timeline

Published: Jul 20, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-53770?

How severe is CVE-2025-53770?

CVE-2025-53770 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 99.98% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2025-53770?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-53770?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST