What is the CVSS score of CVE-2025-53770?

CVE-2025-53770 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 90.5%.

Which versions of Microsoft are affected by CVE-2025-53770?

Organizations using Deserialization of untrusted data in on-premises Microsoft SharePoint Server face critical risk from CVE-2025-53770, a insecure deserialization vulnerability rated CVSS 9.8.

Is there a public PoC exploit available for CVE-2025-53770?

Yes, a public proof-of-concept exploit is available for CVE-2025-53770. Prioritise patching immediately. EPSS: 90.5%.

How to fix or mitigate CVE-2025-53770?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Restrict deserialization to trusted data sources and implement integrity checks.

Microsoft CVE-2025-53770

CRITICAL

Deserialization of Untrusted Data (CWE-502)

2025-07-20 secure@microsoft.com

Microsoft RCE Deserialization

9.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 26, 2026 - 11:20 vuln.today

Added to CISA KEV

Oct 27, 2025 - 17:12 cisa

CISA KEV

CIRCL Exploitation Confirmed

Oct 27, 2025 - 17:12 circl

CIRCL KEV

PoC Detected

Oct 27, 2025 - 17:12 vuln.today

Public exploit code

CVE Published

Jul 20, 2025 - 01:15 nvd

CRITICAL 9.8

DescriptionCVE.org

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.

AnalysisAI

Microsoft SharePoint Server contains a deserialization vulnerability allowing unauthenticated remote code execution over the network, with active exploitation confirmed and patches pending full release.

Technical ContextAI

The CWE-502 deserialization flaw allows unauthenticated attackers to send crafted serialized data to SharePoint Server, which deserializes it without proper validation, leading to arbitrary code execution in the SharePoint application context.

Affected ProductsAI

Microsoft SharePoint Server (on-premises, affected versions)

RemediationAI

Apply Microsoft's mitigation steps immediately. Install the comprehensive update when available. Restrict network access to SharePoint. Monitor for suspicious deserialization patterns in IIS logs.

CVE-2025-53770 vulnerability details – vuln.today

Back

Microsoft CVE-2025-53770

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code