How to fix CVE-2025-53770?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Restrict deserialization to trusted data sources and implement integrity checks.

Is Deserialization affected by CVE-2025-53770?

Organizations using Deserialization of untrusted data in on-premises Microsoft SharePoint Server face critical risk from CVE-2025-53770, a insecure deserialization vulnerability rated CVSS 9.8.

CVE-2025-53770

CRITICAL

2025-07-20 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 26, 2026 - 11:20 vuln.today

Added to CISA KEV

Oct 27, 2025 - 17:12 cisa

CISA KEV

CIRCL Exploitation Confirmed

Oct 27, 2025 - 17:12 circl

CIRCL KEV

PoC Detected

Oct 27, 2025 - 17:12 vuln.today

Public exploit code

CVE Published

Jul 20, 2025 - 01:15 nvd

CRITICAL 9.8

Description

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.

Analysis

Microsoft SharePoint Server contains a deserialization vulnerability allowing unauthenticated remote code execution over the network, with active exploitation confirmed and patches pending full release.

Technical Context

The CWE-502 deserialization flaw allows unauthenticated attackers to send crafted serialized data to SharePoint Server, which deserializes it without proper validation, leading to arbitrary code execution in the SharePoint application context.

Affected Products

['Microsoft SharePoint Server (on-premises, affected versions)']

Remediation

Apply Microsoft's mitigation steps immediately. Install the comprehensive update when available. Restrict network access to SharePoint. Monitor for suspicious deserialization patterns in IIS logs.

Priority Score

220

Low Medium High Critical

KEV: +50

EPSS: +90.5

CVSS: +49

POC: +20

CVE-2025-53770 vulnerability details – vuln.today

Back

CVE-2025-53770

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code