CVE-2025-53770CRITICAL 9.8CISA KEVEPSS p100.0%
CVE-2025-53770Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
Microsoft / SharePoint
Description
Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-53771. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.
Scoring
| CVSS 3.1 | 9.8 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| EPSS | 99.98% probability of exploitation · percentile 100.0% · 2026-06-15T12:03:41Z |
| Published | 2025-07-20 |
| Last modified | 2025-10-27 |
CISA KEV entry
Added to KEV: 2025-07-20
Underlying weaknesses· 1
References
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770
- https://arstechnica.com/security/2025/07/sharepoint-vulnerability-with-9-8-severity-rating-is-under-exploit-across-the-globe/
- https://github.com/kaizensecurity/CVE-2025-53770
- https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
- https://news.ycombinator.com/item?id=44629710
- https://research.eye.security/sharepoint-under-siege/
- https://therecord.media/microsoft-sharepoint-zero-day-vulnerability-exploited-globally
- https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/
1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Deserialization of Untrusted Datacwe-502 | 0% | live |
(incoming)1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| KEVEntry | Microsoft SharePoint Deserialization of Untrusted Data Vulnerabilitykev-cve-2025-53770 | 0% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.