Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
Briefly

Microsoft issued security updates addressing a critical vulnerability in SharePoint Server (CVE-2025-53770) that allows remote code execution, as well as a spoofing flaw (CVE-2025-53771). The first vulnerability, with a CVSS score of 9.8, results from the deserialization of untrusted data. The second, with a score of 6.3, stems from improper limitation of a pathname. Microsoft noted that these vulnerabilities are linked to others and emphasized that the recent updates provide more robust protections than prior patches, a response to attacks that are already under way.
CVE-2025-53770, with a CVSS score of 9.8, allows remote code execution due to deserialization of untrusted data in on-premises versions of Microsoft SharePoint Server.
CVE-2025-53771 is a spoofing flaw due to improper limitation of a pathname in Microsoft Office SharePoint, which an attacker can exploit over a network.
Microsoft acknowledges active attacks on SharePoint Server customers exploiting these vulnerabilities, and emphasizes that the update for CVE-2025-53770 provides more robust protections than earlier patches.
The vulnerabilities CVE-2025-53770 and CVE-2025-53771 relate to other documented SharePoint vulnerabilities, which can be chained together for remote code execution.
Read at The Hacker News