VIR Vulnerability Intelligence Relay

CVE-2025-53770

unknown KEV
Published 2025-07-20 ยท Modified 2025-07-20
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
2.5

Description

Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-53771. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.

CISA KEV

Vendor
Microsoft
Product
SharePoint
Due date
2025-07-21

Predictions

Exploit likelihood
99%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27
{Vendor advisory: cisa-kev โ€” CISA Mitigation Instructions: https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770; https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/ ; https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770 ; https://nvd.nist.gov/vuln/detail/CVE-2025-53770}

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-52405 remote windows
Agampreet Singh ยท 2025-08-11

Microsoft SharePoint Server 2019 (16.0.10383.20020) - Remote Code Execution (RCE)

Source code queued for fetch โ€” refresh in a moment.

Metasploit modules

exploit_windows/http/sharepoint_toolpane_rce rank 600
Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution (aka ToolShell)
Source code queued for fetch โ€” refresh in a moment.

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.