CVE-2025-53771
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2025-53771. We'll provide specific mitigation strategies based on your environment and risk profile.
CVSS Score
V3.1Attack Vector Metrics
Impact Metrics
Description
No description available
Available Exploits
Related News
A few days after the exploit originally became widely known, there are now many different SharePoint exploit attempts in circulation. We do see some scans by researchers to identify vulnerable systems (or to scan for common artifacts of compromise), and a few…
Microsoft disclosed two critical vulnerabilities, CVE-2025-53771 and CVE-2025-53770, that are exploited to attack SharePoint servers. Possession of these cryptographic machine keys allows an attacker to forge authentication tokens and maintain access even if …
CVE-2025-53770 and CVE-2025-53771 are vulnerabilities in on-premise Microsoft SharePoint Servers that evolved from previously patched flaws, allowing unauthenticated remote code execution through advanced deserialization and ViewState abuse.
Cisco Talos is aware of the ongoing exploitation of CVE-2025-53770 and CVE-2025-53771 in the wild. These are path traversal vulnerabilities affecting SharePoint Server Subscription Edition, SharePoint Server 2016, and SharePoint Server 2019.
Microsoft has released emergency security updates for two actively exploited zero-day vulnerabilities in SharePoint, tracked as CVE-2025-53770 and CVE-2025-53771, that have compromised servers worldwide in what researchers call "ToolShell" attacks. The U.S. C…
Affected Products
Affected Versions:
Affected Versions:
Affected Versions:
EU Vulnerability Database
Monitored by ENISA for EU cybersecurity
ENISA Analysis
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Affected Products (ENISA)
ENISA Scoring
CVSS Score (3.1)
EPSS Score
ENISA References
Data provided by ENISA EU Vulnerability Database. Last updated: July 24, 2025
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
References
Advisory provided by GitHub Security Advisory Database. Published: July 21, 2025, Modified: July 21, 2025
Social Media Intelligence
Real-time discussions and threat intelligence from social platforms
SharePoint “ToolShell” zero day If SharePoint “ToolShell” zero day is ruining your day, we've got you covered. CVE-2025-53770 and CVE-2025-53771 don't have to get in the way of your detection and hunting activities.
Serious Security Flaw: Metasploit Module Targets Active SharePoint Exploits **New Metasploit module exposes critical zero-day vulnerabilities in Microsoft SharePoint Server, allowing unauthenticated remote code execution.** **Key Points:** - SharePoint vulnerabilities (CVE-2025-53770/53771) exploited through a simple HTTP request. - Unauthenticated remote code execution on SharePoint 2019 with SYSTEM privileges. - Immediate …
Critical Zero-Day in Microsoft SharePoint Enables Unauthenticated Remote Code Execution CVE-2025-53770 (CVSS 9.8) is a critical zero-day vulnerability affecting **on-premises Microsoft SharePoint Server**. It is a variant of CVE-2025-49704 and stems from unsafe deserialization of untrusted data, allowing **unauthenticated remote code execution** over the network. Attackers exploit this flaw to …
🔥 Top 10 Trending CVEs (24/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2024-4947](https://nvd.nist.gov/vuln/detail/CVE-2024-4947)** - 📝 Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security …
Microsoft bleibt stabil - diesmal Sharepoint > CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks > CVE-2025-49704 – SharePoint Remote Code Execution CVE-2025-49706 – SharePoint Post-auth Remote Code Execution CVE-2025-53770 – SharePoint ToolShell Authentication Bypass and Remote Code Execution CVE-2025-53771 – SharePoint ToolShell Path Traversal
🔥 Top 10 Trending CVEs (23/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-49113](https://nvd.nist.gov/vuln/detail/CVE-2025-49113)** - 📝 Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading …
🔥 Top 10 Trending CVEs (22/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-53816](https://nvd.nist.gov/vuln/detail/CVE-2025-53816)** - 📝 7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in …
Microsoft Moves Quickly to Patch ToolShell Exploits Targeting SharePoint Servers **Microsoft has begun releasing critical updates to address zero-days that hackers exploited to compromise SharePoint servers.** **Key Points:** - Two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 were actively exploited against SharePoint Servers. - Attacks involved planting webshells and exfiltrating …
Proactive Security for CVE-2025-53770 and CVE-2025-53771 SharePoint Attacks
On-Prem Sharepoint servers compromised [https://research.eye.security/sharepoint-under-siege/](https://research.eye.security/sharepoint-under-siege/) CVE Update Guide: [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771) What to do: [https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/](https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/) (I was supposed to be off today)