CVE-2025-53770
CVSS Score
V3.1
Attack Vector Metrics
Impact Metrics
Description
No description available
Available Exploits
Microsoft SharePoint Server - Remote Code Execution (ToolShell)
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
Related News
About 10 days ago exploits for Microsoft SharePoint (CVE-2025-53770, CVE-2025-53771) started being publicly abused - we wrote about that here and here.
Chinese hackers are exploiting a high-severity vulnerability in Microsoft SharePoint to steal data worldwide: The vulnerability, tracked as CVE-2025-53770, carries a severity rating of 9.8 out of a possible 10. It gives unauthenticated remote access to ShareP…
Learn about the critical Microsoft SharePoint vulnerability CVE‑2025‑53770, key stats, and urgent steps to secure your environment.
A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, is under active exploitation in the wild. The vulnerability, with a CVSS score of 9.8, impacts on-premises SharePoint Server 2016, 2019, and Subscription Edition, and allows…
A few days after the exploit originally became widely known, there are now many different SharePoint exploit attempts in circulation. We do see some scans by researchers to identify vulnerable systems (or to scan for common artifacts of compromise), and a few…
Affected Products
Affected Versions:
Known Exploited Vulnerability
This vulnerability is actively being exploited in the wild
Remediation Status
Due Date
Added to KEV
Required Action
CISA recommends configuring AMSI integration in SharePoint and deploying Defender AV on all SharePoint servers. If AMSI cannot be enabled, CISA recommends disconnecting affected products that are public-facing on the internet from service until official mitigations are available. Once mitigations are provided, apply them according to CISA and vendor instructions. Follow the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Affected Product
Ransomware Risk
EU Vulnerability Database
Monitored by ENISA for EU cybersecurity
ENISA Analysis
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network.
Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild.
Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
Affected Products (ENISA)
ENISA Scoring
CVSS Score (3.1)
ENISA References
Data provided by ENISA EU Vulnerability Database. Last updated: August 5, 2025
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
Advisory provided by GitHub Security Advisory Database. Published: July 20, 2025, Modified: July 22, 2025
Social Media Intelligence
Real-time discussions and threat intelligence from social platforms
🔥 Top 10 Trending CVEs (09/09/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-47178](https://nvd.nist.gov/vuln/detail/CVE-2025-47178)** - 📝 Microsoft Configuration Manager Remote Code Execution Vulnerability - 📅 **Published:** 08/07/2025 - 📈 **CVSS:** 8 - 🧭 **Vector:** CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C - 📣 **Mentions:** 16 - ⚠️ **Priority:** 2 - …
August 2025 on Pentest-Tools.com: Burp issues imports, EPSS scoring, grouped findings API Manual overhead kills momentum. Here’s how we cut it down this August 🔪 🔹 Burp Suite Extension 👉 Send issues straight to your [Pentest-Tools.com](http://Pentest-Tools.com) workspace. No more copy-paste. 🔹 Website Scanner 👉 Record logins with Chrome DevTools, validate …
🔥 Top 10 Trending CVEs (03/09/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-53772](https://nvd.nist.gov/vuln/detail/CVE-2025-53772)** - 📝 Web Deploy Remote Code Execution Vulnerability - 📅 **Published:** 12/08/2025 - 📈 **CVSS:** 8.8 - 🧭 **Vector:** CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C - 📣 **Mentions:** 6 - ⚠️ **Priority:** 2 - 📝 …
CVE-2025–53770 EXPLAINED: ToolShell RCE + Live SOC Analysis (Letsdefend SOC342) In this guide, I provide a detailed walkthrough for security analysts on how to identify, investigate, and respond to the **ToolShell vulnerability** (CVE-2025–53770). This critical vulnerability affects on-premises **Microsoft SharePoint servers** and allows unauthorized attackers to achieve remote code execution …
🔥 Top 10 Trending CVEs (21/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-43300](https://nvd.nist.gov/vuln/detail/CVE-2025-43300)** - 📝 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 …
🔥 Top 10 Trending CVEs (20/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-55346](https://nvd.nist.gov/vuln/detail/CVE-2025-55346)** - 📝 User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by …
🔥 Top 10 Trending CVEs (19/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2024-42057](https://nvd.nist.gov/vuln/detail/CVE-2024-42057)** - 📝 A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, …
🚨 New immediate detection live in Network Scanner 👉 #ToolShell (CVE-2025-53770) 🚨 The latest update helps you confirm protection against ToolShell (CVE-2025-53770, CVSS 9.8) on SharePoint servers: ✅ Run instant, single-CVE scans on your SharePoint servers ✅ Verify if your patches actually worked ✅ Get clear, evidence-backed results for faster …
Colt Telecom Faces Major Cyberattack by WarLock Ransomware Group **Colt Technology Services is grappling with a significant cyberattack that has disrupted its operations following a claim of responsibility by the WarLock ransomware group.** **Key Points:** - Colt's systems have been offline since August 12 due to the attack. - WarLock …
CISA Releases Malware Analysis Report Associated with Microsoft SharePoint Vulnerabilities CISA published a Malware Analysis Report (MAR) with analysis and associated detection signatures on files related to Microsoft SharePoint vulnerabilities: CVE-2025-49704 [CWE-94: Code Injection], CVE-2025-49706 [CWE-287: Improper... **CVEs:** CVE-2025-49704,CVE-2025-49706,CVE-2025-53770,CVE-2025-53771 **Source:** https://www.cisa.gov/news-events/alerts/2025/08/06/cisa-releases-malware-analysis-report-associated-microsoft-sharepoint-vulnerabilities