{"id":"CVE-2025-53770","details":"Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network.\nMicrosoft is aware that an exploit for CVE-2025-53770 exists in the wild.\nMicrosoft is preparing and fully testing a comprehensive update to address this vulnerability.  In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.","modified":"2026-05-04T08:49:45.574006Z","published":"2025-07-20T01:15:30.777Z","withdrawn":"2026-05-04T08:49:45.574006Z","references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53770"},{"type":"WEB","url":"https://therecord.media/microsoft-sharepoint-zero-day-vulnerability-exploited-globally"},{"type":"WEB","url":"https://www.darkreading.com/remote-workforce/microsoft-rushes-emergency-fix-exploited-sharepoint-toolshell-flaw"},{"type":"WEB","url":"https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/"},{"type":"WEB","url":"https://www.forbes.com/sites/daveywinder/2025/07/20/microsoft-confirms-ongoing-mass-sharepoint-attack---no-patch-available/"},{"type":"ADVISORY","url":"https://x.com/Shadowserver/status/1946900837306868163"},{"type":"ADVISORY","url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770"},{"type":"ADVISORY","url":"https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/"},{"type":"ADVISORY","url":"https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770"},{"type":"REPORT","url":"https://news.ycombinator.com/item?id=44629710"},{"type":"EVIDENCE","url":"https://arstechnica.com/security/2025/07/sharepoint-vulnerability-with-9-8-severity-rating-is-under-exploit-across-the-globe/"},{"type":"EVIDENCE","url":"https://github.com/kaizensecurity/CVE-2025-53770"},{"type":"EVIDENCE","url":"https://research.eye.security/sharepoint-under-siege/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"16.0.18526.20508"}]},{"events":[{"introduced":"0"},{"last_affected":"2016"}]},{"events":[{"introduced":"0"},{"last_affected":"2019"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53770.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}