Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks

Microsoft issued security updates addressing a critical vulnerability in SharePoint Server (CVE-2025-53770) that allows remote code execution, as well as a spoofing flaw (CVE-2025-53771). The first vulnerability, with a CVSS score of 9.8, results from the deserialization of untrusted data. The second, with a score of 6.3, stems from improper limitation of a pathname. Microsoft noted that these vulnerabilities are related to other documented SharePoint vulnerabilities and emphasized that the recent updates provide more robust protections than the prior patches, in response to ongoing active attacks.
"CVE-2025-53770, with a CVSS score of 9.8, involves remote code execution due to deserialization of untrusted data in Microsoft SharePoint Server's on-premise versions."
"CVE-2025-53771 presents a spoofing flaw due to improper limitation of a pathname in Microsoft Office SharePoint, allowing attackers to exploit it over a network."
"Microsoft acknowledges active attacks on SharePoint Server customers exploiting vulnerabilities, and emphasizes the update for CVE-2025-53770 provides more robust protections than earlier patches."
"The vulnerabilities CVE-2025-53770 and CVE-2025-53771 relate to other documented SharePoint vulnerabilities, which can be chained together for remote code execution."
Read at The Hacker News