CVE-2025-53770

🗓️ 20 Jul 2025 01:06:33Reported by microsoftType

cve🔗 web.nvd.nist.gov📰️ 159 Media mentions👁 1056 Views🌐 WEB

Deserialization vulnerability in Microsoft SharePoint Server allows unauthorized code execution via network.

Reporter	Title	Published	Views	Family All 118
GithubExploit	Exploit for Deserialization of Untrusted Data in Microsoft	28 Jul 202522:41	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Microsoft	25 Jul 202520:43	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Microsoft	21 Jul 202518:43	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Microsoft	27 Jul 202520:55	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Microsoft	23 Sep 202519:05	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Microsoft	26 Jul 202510:54	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Microsoft	23 Jul 202521:02	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Microsoft	22 Jul 202522:33	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Microsoft	2 Aug 202508:00	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Microsoft	24 Jul 202501:14	–	githubexploit

NVD

Vulners

CNA

Node

microsoft sharepoint_serverRange<16.0.18526.20508subscription

microsoft sharepoint_serverMatch2016enterprise

microsoft sharepoint_serverMatch2019

[
  {
    "vendor": "Microsoft",
    "product": "Microsoft SharePoint Enterprise Server 2016",
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.0",
        "lessThan": "16.0.5513.1001",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SharePoint Server 2019",
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.0",
        "lessThan": "16.0.10417.20037",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SharePoint Server Subscription Edition",
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.0",
        "lessThan": "16.0.18526.20508",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

Source	Link
msrc	www.msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770
research	www.research.eye.security/sharepoint-under-siege/
github	www.github.com/kaizensecurity/CVE-2025-53770
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog
bleepingcomputer	www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/
news	www.news.ycombinator.com/item
x	www.x.com/Shadowserver/status/1946900837306868163
cisa	www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770
therecord	www.therecord.media/microsoft-sharepoint-zero-day-vulnerability-exploited-globally
arstechnica	www.arstechnica.com/security/2025/07/sharepoint-vulnerability-with-9-8-severity-rating-is-under-exploit-across-the-globe/

Parameter	Position	Path	Description	CWE
MSOTlPn_Uri	request body	/_layouts/15/ToolPane.aspx?DisplayMode=Edit&a=/ToolPane.aspx	Unauthenticated deserialization exploit in SharePoint ToolPane.aspx via Scorecard:ExcelDataSet to achieve remote code execution.	CWE-502
MSOTlPn_DWP	request body	/_layouts/15/ToolPane.aspx?DisplayMode=Edit&a=/ToolPane.aspx	Unauthenticated deserialization exploit in SharePoint ToolPane.aspx via Scorecard:ExcelDataSet to achieve remote code execution.	CWE-502

13 Feb 2026 19:07Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.19.8

EPSS0.88182

SSVC