CVE-2025-53770

Known Exploited Vulnerability Entry External Catalog

Back to Catalog View Vulnerability

Entry Details

Vulnerability ID

CVE-2025-53770

Status

Confirmed

Exploited

Yes

Status Updated At

2025-07-20 00:00 UTC

Timestamps

First Seen At

2025-07-20

Asserted At

2025-07-20

Scope

Notes

KEV entry: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability | Affected: Microsoft / SharePoint | Description: Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-53771. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704. | Required action: Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. | Due date: 2025-07-21 | Known ransomware campaign use (KEV): Known | Notes (KEV): CISA Mitigation Instructions: https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770; https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/ ; https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770 ; https://nvd.nist.gov/vuln/detail/CVE-2025-53770

References

{'id': 'CVE-2025-53770', 'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-53770'}

Entry UUID

19295aeb-29a8-4dd9-b160-efcccd72d5a2

Catalog Origin UUID

405284c2-e461-4670-8979-7fd2c9755a60

Created

2026-02-02 12:25 UTC

Last Updated

2026-02-02 12:25 UTC

Evidence (1)

Type Source Signal Confidence Details GCVE Metadata

Type	Source	Signal	Confidence	Details	GCVE Metadata
vendor_report	cisa-kev	successful_exploitation	0.80	View details `{ "cwes": [ "CWE-502" ], "date_added": "2025-07-20", "due_date": "2025-07-21", "feed": "CISA Known Exploited Vulnerabilities Catalog", "knownRansomwareCampaignUse": "Known", "product": "SharePoint", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft SharePoint Deserialization of Untrusted Data Vulnerability" }`	-

vendor_report

cisa-kev

successful_exploitation

0.80

View details

{
  "cwes": [
    "CWE-502"
  ],
  "date_added": "2025-07-20",
  "due_date": "2025-07-21",
  "feed": "CISA Known Exploited Vulnerabilities Catalog",
  "knownRansomwareCampaignUse": "Known",
  "product": "SharePoint",
  "vendorProject": "Microsoft",
  "vulnerabilityName": "Microsoft SharePoint Deserialization of Untrusted Data Vulnerability"
}

Export Options

JSON Object JSON API View Full Catalog