THREATOPS
THREAT OPSCVEs › CVE-2025-53770

CVE-2025-53770 — Microsoft SharePoint Deserialization of Untrusted Data Vulnerability

CISA KEVExploited: confirmedMicrosoft

Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-53771. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.

Vulnerability details

Related reporting