Home Microsoft CVE-2025-53770
CRITICAL: THIS VULNERABILITY IS ACTIVELY BEING EXPLOITED IN THE WILD (CISA KEV CATALOG)
Back to Microsoft

CVE-2025-53770

Exploited

Microsoft SharePoint Server

Microsoft CVSS 9.8 Updated March 12, 2026

Executive Risk Summary

"A deserialization of untrusted data vulnerability in Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network, with exploits existing in the wild. Microsoft is preparing a comprehensive update to address this vulnerability, but in the meantime, users are advised to apply the provided mitigation to protect against exploitation."

Operational Audit Arsenal

Target Type Executable
Target Asset w3wp.exe
Standard Path %windir%\System32\inetsrv\w3wp.exe
PowerShell 
# 🛠️ Senior Engineer Universal Audit
# Target: w3wp.exe (Executable)
$Targets = 'w3wp.exe'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}

Patch Impact Forecast

Reboot Required Likely

SharePoint services

Internal Work Notes

Urgent: Apply mitigation for CVE-2025-53770 in Microsoft SharePoint Server to prevent remote code execution attacks, pending official patch release.

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

MSRC Advisoryhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770
Official Advisoryhttps://arstechnica.com/security/2025/07/sharepoint-vulnerability-with-9-8-severity-rating-is-under-exploit-across-the-globe/
Official Advisoryhttps://github.com/kaizensecurity/CVE-2025-53770
MSRC Advisoryhttps://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
Official Advisoryhttps://news.ycombinator.com/item?id=44629710
Official Advisoryhttps://research.eye.security/sharepoint-under-siege/
Official Advisoryhttps://therecord.media/microsoft-sharepoint-zero-day-vulnerability-exploited-globally
Official Advisoryhttps://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/
Official Advisoryhttps://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770
Official Advisoryhttps://www.darkreading.com/remote-workforce/microsoft-rushes-emergency-fix-exploited-sharepoint-toolshell-flaw
Official Advisoryhttps://www.forbes.com/sites/daveywinder/2025/07/20/microsoft-confirms-ongoing-mass-sharepoint-attack---no-patch-available/
Official Advisoryhttps://x.com/Shadowserver/status/1946900837306868163
Official Advisoryhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53770

Related Microsoft Threats

CVE-2026-31957 CVSS 10

Microsoft Azure Entra ID and Intune - Himmelblau
CVE-2025-65041 CVSS 10

Microsoft Partner Center
CVE-2026-33105 CVSS 10

Microsoft Azure Kubernetes Service - Azure Kubernetes
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.