9.8

CVE-2025-53770

Warnung

Medienbericht

Exploit

EPSS 85.69%
Veröffentlicht 20.07.2025 01:15:30
Zuletzt bearbeitet 30.07.2025 01:00:01
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network.
Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild.
Microsoft is preparing and fully testing a comprehensive update to address this vulnerability.  In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.

Betroffene Produkte Warnungen 2 Metriken 2 CWE 1 Referenzen 22

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Sharepoint Server SwEditionsubscription Version < 16.0.18526.20508

Microsoft ≫ Sharepoint Server Version2016 SwEditionenterprise

Microsoft ≫ Sharepoint Server Version2019

20.07.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft SharePoint Deserialization of Untrusted Data Vulnerability

Schwachstelle

Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network.

Beschreibung

CISA recommends configuring AMSI integration in SharePoint and deploying Defender AV on all SharePoint servers. If AMSI cannot be enabled, CISA recommends disconnecting affected products that are public-facing on the internet from service until official mitigations are available. Once mitigations are provided, apply them according to CISA and vendor instructions. Follow the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Erforderliche Maßnahmen

21.07.2025: CERT.at Warnung

https://www.cert.at/de/warnungen/2025/7/kritische-sicherheitslucke-in-microsoft-sharepoint-aktiv-ausgenutzt-updates-verfugbar

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	85.69%	0.993

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secure@microsoft.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://www.heise.de/news/Microsofts-Sharepoint-Luecken-Die-Zero-Days-die-vielleicht-gar-keine-waren-10505387.html

Medienbericht

heise Security

https://www.heise.de/news/Drei-chinesische-Gruppen-als-Angreifer-auf-Sharepoint-Server-identifiziert-10496598.html

Medienbericht

heise Security

https://www.heise.de/hintergrund/Angriffe-auf-Microsoft-Sharepoint-Das-muessen-Admins-nach-dem-Patchen-tun-10496148.html

Medienbericht

heise Security

https://www.heise.de/news/Update-Neue-Version-von-Sharepoint-2016-behebt-Toolshell-Luecke-10495573.html

Medienbericht

heise Security

https://www.heise.de/news/Kritische-Sharepoint-Sicherheitsluecke-Erste-Patches-fuer-ToolShell-sind-da-10493989.html

Medienbericht

heise Security

https://www.heise.de/news/Microsoft-Angriffe-auf-neue-Sharepoint-Luecke-bislang-kein-Patch-verfuegbar-10493705.html

Medienbericht

heise Security

https://krebsonsecurity.com/2025/07/microsoft-fix-targets-attacks-on-sharepoint-zero-day/

Medienbericht

Krebs on Security

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770

Vendor Advisory

https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/

Vendor Advisory

Mitigation

https://research.eye.security/sharepoint-under-siege/

Third Party Advisory

Exploit

Mitigation

https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/

Press/Media Coverage

https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770

Third Party Advisory

US Government Resource

Mailing List

https://www.forbes.com/sites/daveywinder/2025/07/20/microsoft-confirms-ongoing-mass-sharepoint-attack---no-patch-available/

Press/Media Coverage

https://x.com/Shadowserver/status/1946900837306868163

Third Party Advisory

https://github.com/kaizensecurity/CVE-2025-53770

Exploit

https://therecord.media/microsoft-sharepoint-zero-day-vulnerability-exploited-globally

Press/Media Coverage

https://news.ycombinator.com/item?id=44629710

Issue Tracking

https://arstechnica.com/security/2025/07/sharepoint-vulnerability-with-9-8-severity-rating-is-under-exploit-across-the-globe/

Exploit

Press/Media Coverage

https://www.darkreading.com/remote-workforce/microsoft-rushes-emergency-fix-exploited-sharepoint-toolshell-flaw

Press/Media Coverage

https://nvd.nist.gov/vuln/detail/CVE-2025-53770

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-53770

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-53770

EUVD