
Microsoft Addresses Critical SharePoint Vulnerability: CVE-2025-53770
This morning, Microsoft issued an alert regarding a significant vulnerability in SharePoint that cybercriminals are actively exploiting. Designated CVE-2025-53770, this security flaw permits unauthorized users to remotely execute arbitrary code on on-premises SharePoint servers without requiring authentication.
Overview of Vulnerabilities and Patch Status
The Microsoft Defender Vulnerability Management team acknowledges the urgent nature of this situation and has released comprehensive guidance regarding the impact and remediation strategies for the affected vulnerabilities. Along with CVE-2025-53770, the guidance includes information on previously patched vulnerabilities: CVE-2025-49704 and CVE-2025-49706, along with the ongoing patching efforts for CVE-2025-53771.
Details of Key Vulnerabilities
| CVE | Type | CVSS v3.1 | Patch Status |
|---|---|---|---|
| CVE-2025-49704 | Improper control of code generation → authenticated RCE | 8.8 (High) | Fixed in the July 8, 2025 security updates: Subscription Edition KB 5002768, SharePoint Server 2019 KB 5002741, SharePoint Server 2016 KB 5002744 (source: Microsoft Support) |
| CVE-2025-49706 | Improper authentication / spoofing | 6.3 (Medium) | Fixed in the same July 8, 2025 updates (KB 5002768 / 5002741 / 5002744) (source: Microsoft Support) |
| CVE-2025-53770 | Deserialization of untrusted data → unauthenticated RCE | 9.8 (Critical) | Emergency patch released for Subscription Edition KB 5002768 and SharePoint 2019 KB 5002754; patch for SharePoint 2016 is pending (source: Microsoft Security Response Center) |
| CVE-2025-53771 | Path traversal / spoofing | 6.3 (Medium) | Addressed by the same emergency updates as CVE-2025-53770 (SE KB 5002768, 2019 KB 5002754); SharePoint 2016 fix forthcoming (source: Microsoft Security Response Center) |
Impacted Products
| Product | CVE-2025-49704 | CVE-2025-49706 | CVE-2025-53770 | CVE-2025-53771 |
|---|---|---|---|---|
| SharePoint Server Subscription Edition | ✅ Affected | ✅ Affected | ✅ Affected | ✅ Affected |
| SharePoint Server 2019 | ✅ Affected | ✅ Affected | ✅ Affected | ✅ Affected |
| SharePoint Server 2016 | ✅ Affected | ✅ Affected | ✅ Affected | ✅ Affected |
| SharePoint Online | ❌ Not affected | ❌ Not affected | ❌ Not affected | ❌ Not affected |
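The two tables above translate directly into a patch-state check an administrator can run on each on-premises SharePoint server. The script below is an added example, not Microsoft's guidance or code; it assumes that SharePoint security updates register under the Windows Installer Uninstall registry keys with the KB number in `DisplayName` (they are generally not listed by `Get-HotFix`, which only covers OS updates), and the function names `Get-InstalledKb` and `Test-SharePointPatchState` are my own.

```powershell
# Added example (not Microsoft's code): report which KBs from the tables above are
# missing on an on-premises SharePoint server, per CVE and per edition.
# Assumption: SharePoint updates appear under the Windows Installer Uninstall keys with
# the KB number in DisplayName; Get-HotFix only reports OS-level updates.

$PatchMap = @{
    'Subscription Edition' = @{ 'CVE-2025-49704' = 'KB5002768'; 'CVE-2025-49706' = 'KB5002768'
                                'CVE-2025-53770' = 'KB5002768'; 'CVE-2025-53771' = 'KB5002768' }
    '2019'                 = @{ 'CVE-2025-49704' = 'KB5002741'; 'CVE-2025-49706' = 'KB5002741'
                                'CVE-2025-53770' = 'KB5002754'; 'CVE-2025-53771' = 'KB5002754' }
    '2016'                 = @{ 'CVE-2025-49704' = 'KB5002744'; 'CVE-2025-49706' = 'KB5002744'
                                'CVE-2025-53770' = $null;       'CVE-2025-53771' = $null }  # pending
}

function Get-InstalledKb {
    # Collect KB numbers from both the 64-bit and 32-bit Uninstall hives.
    $paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        ForEach-Object { if ($_.DisplayName -match '\b(KB\d{6,7})\b') { $Matches[1] } } |
        Sort-Object -Unique
}

function Test-SharePointPatchState {
    param(
        [Parameter(Mandatory)][ValidateSet('Subscription Edition', '2019', '2016')][string]$Edition,
        [string[]]$InstalledKb = (Get-InstalledKb)
    )
    foreach ($cve in ($PatchMap[$Edition].Keys | Sort-Object)) {
        $kb = $PatchMap[$Edition][$cve]
        $status = if (-not $kb) { 'NO PATCH YET' }
                  elseif ($InstalledKb -contains $kb) { 'patched' }
                  else { 'MISSING' }
        [pscustomobject]@{ Edition = $Edition; CVE = $cve; RequiredKB = $kb; Status = $status }
    }
}

# Offline demonstration with a constructed list: a 2019 farm that has only the July update,
# so the two July CVEs show as patched and the two emergency CVEs show as MISSING.
Test-SharePointPatchState -Edition '2019' -InstalledKb @('KB5002741') | Format-Table -AutoSize
```

Drop the `-InstalledKb` argument to read the live registry on the server you are auditing; a `NO PATCH YET` row for SharePoint 2016 reflects the pending status in the table, not a misconfiguration.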
For additional insights and in-depth information, you can visit the official blog post on Microsoft’s Tech Community website here.