CVE-2025-53770 and CVE-2025-53771: Actively Exploited SharePoint Vulnerabilities
Essential information
- Published
- 22/07/2025 09:04
- Modified
- 22/07/2025 09:29
- Tags
- 2025-07-22 CVE-2025-49704 CVE-2025-49706 CVE-2025-53770 CVE-2025-53771 deserialization microsoft sharepoint remote code execution unauthenticated attacks viewstate abuse
- Related entities
- 4 vulnerabilities (cve), 8 observables, 6 techniques (mitre), 4 others
Description
Two critical vulnerabilities, CVE-2025-53770 and CVE-2025-53771, are affecting Microsoft SharePoint Servers, enabling attackers to upload malicious files and extract cryptographic secrets. These flaws are evolutions of previously patched vulnerabilities, CVE-2025-49704 and CVE-2025-49706, which were incompletely remediated. Exploit attempts have been observed across various industries, including finance, education, energy, and healthcare. Microsoft has released patches for SharePoint Subscription Edition and Server 2019, with a patch for Server 2016 pending. The vulnerabilities allow for unauthenticated remote code execution through advanced deserialization techniques and ViewState abuse. Active exploitation in the wild has been confirmed, compromising on-premises SharePoint environments globally.