216.73.217.22

SharePoint Vulnerabilities (CVE-2025-53770 & CVE-2025-53771): Everything You Need to Know

· Published 21/07/2025 22:45 · Modified 22/07/2025 09:30

Export JSON

Essential information

Published
21/07/2025 22:45
Modified
22/07/2025 09:30
Tags
2025-07-21 CVE-2025-53770 CVE-2025-53771 authentication bypass deserialization on-premises patch rce sharepoint spoofing toolshell zero-day
Related entities
5 vulnerabilities (cve), 3 observables, 7 techniques (mitre), 1 malware

Description

Two critical vulnerabilities, and , are actively exploited in Microsoft servers. These flaws enable unauthenticated remote code execution through an exploit chain dubbed . is a critical vulnerability caused by unsafe , while is a vulnerability allowing . The vulnerabilities affect Server Subscription Edition, Server 2019, and Server 2016. Cloud-hosted self-managed instances are also at risk. Exploitation has been observed since July 18, 2025, with attacks targeting sensitive data extraction and persistent remote access. Microsoft has released emergency patches, and organizations are urged to update immediately or implement workarounds if patching is not possible.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Vulnerabilities (CVE) (5)

CVE-2025-53771
6.5 Medium

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing …

Attack vector
NETWORK
Published
21/07/2025
Modified
21/12/2025
Received
CVE-2025-53770 KEV
9.8 Critical

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware …

Attack vector
Network
Published
20/07/2025
Modified
21/12/2025
Analyzed
CVE-2025-23266
9.0 Critical

NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute …

Published
17/07/2025
Modified
17/07/2025
Awaiting Analysis
CVE-2025-49706 KEV
6.5 Medium

Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow …

Attack vector
Network
Published
22/07/2025
Modified
21/12/2025
CVE-2025-49704 KEV
8.8 High

Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could …

Attack vector
Network
Published
22/07/2025
Modified
21/12/2025

Observables (3)

  • 96.9.125.147
  • 103.186.30.186
  • 92bb4ddb98eeaf11fc15bb32e71d0a63256a0ed826a03ba293ce3a8bf057a514

Techniques (MITRE) (7)

  • T1505.003
    Web Shell
  • T1059.001
    PowerShell
  • T1213
    Data from Information Repositories
  • T1082
    System Information Discovery
  • T1083
    File and Directory Discovery
  • T1140
    Deobfuscate/Decode Files or Information
  • T1190
    Exploit Public-Facing Application

Malware (1)

  • ToolShell
    Family
    Published 14/08/2025 22:16 · Modified 14/08/2025 22:16

External references