CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Jul 21, 2025
Description
Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-53771. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.
EPSS — Exploit Probability
Higher than 99.6% of all CVEs
Required Action
CISA Mitigation Instructions:
- https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770
- https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770
- https://nvd.nist.gov/vuln/detail/CVE-2025-53770
Related Articles (2)
The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction
Attack surface exposure leaves services reachable as exploits appear within 24–48 hours after disclosure, increasing breach risk.
Mar 10, 2026
M-Trends 2026: Initial Access Handoff Shrinks From Hours to 22 Seconds
The latest M-Trends report is based on insights from over 500,000 hours of Mandiant incident response investigations in 2025.
Mar 23, 2026
Risk Assessment
CRITICAL
- Severity: High
- EPSS: 90.5%
- CISA KEV: Yes
- Ransomware: Known
- Articles: 2
Timeline
Published
Jul 20, 2025
Added to KEV
Jul 20, 2025
Remediation Due
Jul 21, 2025