CVE-2025-53770
Microsoft SharePoint Server Remote Code Execution Vulnerability
| CVSS Score | 9.8 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
| Vendor | microsoft |
| Product | microsoft sharepoint enterprise server 2016 |
| Ecosystems | |
| Industries | Technology, Enterprise |
| Published | Jul 20, 2025 |
| Last Updated | Feb 26, 2026 |
Actively Exploited
CVSS v3 Breakdown
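CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:W/RC:C
| Attack Vector | Network (AV:N) |
| Attack Complexity | Low (AC:L) |
| Privileges Required | None (PR:N) |
| User Interaction | None (UI:N) |
| Scope | Unchanged (S:U) |
| Confidentiality | High (C:H) |
| Integrity | High (I:H) |
| Availability | High (A:H) |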
Affected Versions
Microsoft / Microsoft SharePoint Enterprise Server 2016
16.0.0 < 16.0.5513.1001
Microsoft / Microsoft SharePoint Server 2019
16.0.0 < 16.0.10417.20037
Microsoft / Microsoft SharePoint Server Subscription Edition
16.0.0 < 16.0.18526.20508
References
msrc.microsoft.com: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770
cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53770
msrc.microsoft.com: https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
cisa.gov: https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770
research.eye.security: https://research.eye.security/sharepoint-under-siege/
bleepingcomputer.com: https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/
forbes.com: https://www.forbes.com/sites/daveywinder/2025/07/20/microsoft-confirms-ongoing-mass-sharepoint-attack---no-patch-available/
x.com: https://x.com/Shadowserver/status/1946900837306868163
github.com: https://github.com/kaizensecurity/CVE-2025-53770
therecord.media: https://therecord.media/microsoft-sharepoint-zero-day-vulnerability-exploited-globally
news.ycombinator.com: https://news.ycombinator.com/item?id=44629710
arstechnica.com: https://arstechnica.com/security/2025/07/sharepoint-vulnerability-with-9-8-severity-rating-is-under-exploit-across-the-globe/
darkreading.com: https://www.darkreading.com/remote-workforce/microsoft-rushes-emergency-fix-exploited-sharepoint-toolshell-flaw