AI description
CVE-2025-53771 is a spoofing vulnerability affecting Microsoft Office SharePoint. It stems from an improper limitation of a pathname to a restricted directory, also known as a 'path traversal'. This vulnerability allows an authorized attacker to perform spoofing over a network. The vulnerability exists in on-premises SharePoint Servers and does not impact SharePoint Online in Microsoft 365. Microsoft has released updates to address this vulnerability, with the update including more robust protections than previous updates for similar vulnerabilities. It is related to other SharePoint vulnerabilities like CVE-2025-49706, and can be chained with other vulnerabilities to achieve remote code execution.
- Description
- Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- sharepoint_server
CVSS 3.1
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 2.5
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
- secure@microsoft.com
- CWE-287
- Hype score
- Not currently trending
https://t.co/r0XB1DhEnq 🗣🇨🇵Alerte ANSSI : #Microsoft #SharePoint Server signale la vulnérabilité CVE-2025-53771 permet à un attaquant de provoquer une usurpation d'identité sur un réseau, une vielle faille déjà présente sur SharePoint Enterprise Server 2010 et 2
@IvanFeghali
8 Sept 2025
89 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Trellix researchers look into a recent wave of exploitation targeting ToolShell vulnerabilities in Microsoft SharePoint Server (CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771). https://t.co/oeIcaLYlcX https://t.co/SSiUr8XHAN
@virusbtn
5 Sept 2025
1402 Impressions
7 Retweets
29 Likes
8 Bookmarks
0 Replies
0 Quotes
⚠️ Weekly vuln radar. https://t.co/Cd6L8ACyLV – spot what’s trending before it’s everywhere: CVE-2025-53770 CVE-2025-43300 CVE-2025-5777 CVE-2024-21887 CVE-2023-46604 (@ThreatBookLabs) CVE-2025-7776 CVE-2025-54309 CVE-2025-7775 CVE-2025-53771 https://t.co/q4Rx5wWFSt
@ptdbugs
29 Aug 2025
286 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
#Proactive #Security for CVE-2025-53770 and CVE-2025-53771 #SharePoint_Attacks https://t.co/tloLD9OPvK https://t.co/hcUdHNHgIF
@omvapt
22 Aug 2025
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Proactive_Security for CVE-2025-53770 and CVE-2025-53771 #SharePoint_Attacks https://t.co/bC4ahVz4UO https://t.co/0kySI9Tg2R
@omvapt
21 Aug 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-53770 (CVSS 9.8) and CVE-2025-53771 - also known as the SharePoint Zero Days - allow unauthenticated attackers to seize control of servers, steal cryptographic keys, and plant persistent backdoors. What started as 75 confirmed breaches has now grown to 400+ https://t.co
@ExtraHop
21 Aug 2025
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New IOC Alert → CVE-2025-53770 and CVE-2025-53771: Actively Exploited SharePoint Vulnerabilities. ■ Indicator: CVE-2025-49704
@CTI131
21 Aug 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New IOC Alert → SharePoint Vulnerabilities (CVE-2025-53770 & CVE-2025-53771): Everything You Need to Know. ■ Indicator: CVE-2025-23266
@CTI131
20 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【漏洞工具】SharePoint 2025 RCE 图形化漏洞利用工具 相关 CVE 编号为: CVE-2025-53770 CVE-2025-53771 CVE-2025-49704 CVE-2025-49706 https://t.co/8DPcYBYCq4 https://t.co/lts8kW1swv
@cybersecuritysl
19 Aug 2025
1260 Impressions
7 Retweets
18 Likes
16 Bookmarks
0 Replies
0 Quotes
Ah bah effectivement… ça n’aura pas traîné 😬 Plus de 400 serveurs #SharePoint déjà compromis via les zero-day CVE-2025-53770 & CVE-2025-53771, attribués à 3 groupes chinois 👉 https://t.co/hD2yQB1HML
@Guardia_School
19 Aug 2025
37 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-53770 and CVE-2025-53771 evolved from vulnerabilities first disclosed at Pwn2Own Berlin 2025. Through @thezdi, Trend Micro has provided proactive defense and protection for customers since May. Be proactive in staying ahead of these vulnerabilities:⬇️
@TrendMicroRSRCH
14 Aug 2025
357 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Decoys / Honeypots to Deploy This Week - go get that 0day payload!🧵 1. Microsoft SharePoint - Still receiving a lot of buzz and activity from the recent big vulnerabilities CVE-2025-53770 and CVE-2025-53771 https://t.co/gvtbrJhTdz
@DefusedCyber
13 Aug 2025
739 Impressions
2 Retweets
8 Likes
4 Bookmarks
1 Reply
0 Quotes
We explored how CVE-2025-53770 and CVE-2025-53771 evolved from earlier vulnerabilities, using deserialization and ViewState mechanisms to allow unauthenticated remote code execution. Discover the complexities of these vulnerabilities:⬇️ https://t.co/PqCWrvrxLp
@TrendMicroRSRCH
7 Aug 2025
934 Impressions
2 Retweets
3 Likes
0 Bookmarks
0 Replies
1 Quote
CVE-2025-53770 and CVE-2025-53771 evolved from vulnerabilities first disclosed at Pwn2Own Berlin 2025. Through @thezdi, Trend Micro has provided proactive defense and protection for customers since May. Be proactive in staying ahead of these vulnerabilities:⬇️
@TrendMicroRSRCH
6 Aug 2025
924 Impressions
7 Retweets
14 Likes
0 Bookmarks
0 Replies
0 Quotes
New cyber threat: ToolShell is exploiting #SharePoint flaws (CVE-2025-53770 & CVE-2025-53771) for full server access — no login needed. Learn how it works + how to defend against it: Critical Cyber Update: https://t.co/pzkn6AelYy #Cybersecurity #MatriumInsights #ToolShel
@Matrium_Tech
4 Aug 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The zero-day in Microsoft SharePoint (CVE-2025-53770 and CVE-2025-53771) has been known for a few days now. What exactly happened, how was the #zeroday discovered, and are we sure we caught it in time (if that’s possible)? https://t.co/eKNwY8JxSz
@michael_gazzano
3 Aug 2025
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
: تنبيه أمني عاجل لمستخدمي SharePoint مهاجمون مجهولون يستغلون ثغرتين خطيرتين في SharePoint Server 2016 و2019 والإصدار الاشتراكي — CVE-2025-53770 (تقييم خطورة 9.8) وCVE-2025-53771 (تقييم
@KasperskyKSA
3 Aug 2025
182 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical SharePoint vulnerabilities CVE-2025-53770 & CVE-2025-53771 are under active attack! Learn how the ToolShell exploit chain targets on-premises SharePoint servers and how Vectra AI’s platform detects and stops these threats before they escalate. 🔒 Stay ahead of
@Vectra_AI
30 Jul 2025
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft biztonsági frissítések SharePoint nulladik napi sebezhetőségekhez A Microsoft SharePoint biztonsági frissítéseket adott ki a CVE-2025-53770 és a CVE-2025-53771 azonosítójú két nulladik napi sebezhetőséghez, amelyek világszerte veszélyeztettek rendszere
@linuxmint_hun
30 Jul 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft SharePoint ToolPane Authentication Bypass Vulnerability (CVE-2025-53771) #AuthenticationBypassVulnerability #CVE202553771 #CyberSecurity #Microsoft #MicrosoftSharePointServer https://t.co/VDMqbQQFiA https://t.co/jb1HhNG4Ja
@SystemTek_UK
28 Jul 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【脅威分析レポート】CVE-2025-53770およびCVE-2025-53771 オンプレミスのMicrosoft SharePoint Serverに影響を与える2つの脆弱性の悪用についての調査結果を解説しています。 詳しくは👇 https://t.co/D1Zk9vCunI #Cybereason #サ
@cybereasonjp
28 Jul 2025
114 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New ‘ToolShell’ Exploit Chain Targets SharePoint Servers via CVE-2025-53770 and CVE-2025-53771 https://t.co/MH9Lhxa7x8
@DCICyberSecNews
27 Jul 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The latest SharePoint 0-day attack chain (CVE-2025-53770 + CVE-2025-53771) results in unauthenticated RCE on on-prem servers. I break down how it was discovered, how it works, and how to protect your servers in this new video. PLUS a demo of the exploit working in a lab https://
@0xTib3rius
26 Jul 2025
8442 Impressions
28 Retweets
186 Likes
61 Bookmarks
2 Replies
4 Quotes
Urgent SharePoint Vulnerability Alert Unknown attackers are actively exploiting two critical vulnerabilities in SharePoint Server 2016, 2019, and the Subscription Edition — CVE-2025-53770 (CVSS 9.8) and CVE-2025-53771 (CVSS 6.3). These flaws allow remote execution of malicious
@KasperskyKSA
26 Jul 2025
165 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🌩️ @Microsoft 𝚂𝚑𝚊𝚛𝚎𝙿𝚘𝚒𝚗𝚝 𝟢-𝙳𝚊𝚢 𝚂𝚙𝚛𝚎𝚊𝚍𝚜 𝚆𝚊𝚛𝚕𝚘𝚌𝚔 𝚁𝚊𝚗𝚜𝚘𝚖𝚠𝚊𝚛𝚎 🌩️🔓 #cyber_security_highlights 💡 𝙾𝚟𝚎𝚛𝚟𝚒𝚎𝚠 #did_you_know_that @Mic
@MahRabie
26 Jul 2025
50 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[ZDI-25-652|CVE-2025-53771] (Pwn2Own) Microsoft SharePoint ToolPane Authentication Bypass Vulnerability (CVSS 6.5; Credit: Viettel Cyber Security) https://t.co/PimSmtKc7A
@TheZDIBugs
25 Jul 2025
836 Impressions
3 Retweets
11 Likes
1 Bookmark
0 Replies
0 Quotes
Emergency SharePoint RCE Warning – CVE-2025-53770 & CVE-2025-53771 Under Active Exploit - IT SPARC Cast - CVE of the Week
@ITSPARCCast
25 Jul 2025
56052 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
In this episode of IT SPARC Cast - CVE of The Week, @john_Video and @loudoggeek sound the alarm on two critical zero-day vulnerabilities impacting on-premise Microsoft SharePoint servers: CVE-2025-53770 and CVE-2025-53771. Exploited via a chained attack called “ToolShell,” th
@ITSPARCCast
25 Jul 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers Exploiting Sharepoint 0-day Vulnerability to Deploy Warlock Ransomware https://t.co/eB5I7DEyG7 Microsoft has issued urgent warnings about active exploitation of critical SharePoint vulnerabilities CVE-2025-53770 and CVE-2025-53771 by multiple threat actors, including t
@f1tym1
25 Jul 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Zero-day alert @ESETresearch uncovered active exploitation of CVE-2025-53770 and CVE-2025-53771 - ToolShell attacks targeting Microsoft SharePoint servers. The US tops the list with 13.3% of global hits. Watch @TonyAtESET explain the latest findings. https://t.co/n4pU32HrtS
@ESET
25 Jul 2025
32 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL: Chinese hackers are actively exploiting #SharePoint "ToolShell" zero-days (CVE-2025-53770 & CVE-2025-53771) to deploy ransomware & steal data. 3 threat groups targeting thousands of orgs worldwide. PATCH NOW! https://t.co/cRPuWTocpn #CyberSecurity #toolsh
@cyberkendra
24 Jul 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical SharePoint vulnerabilities CVE-2025-53770 & CVE-2025-53771 are under active attack! Learn how the ToolShell exploit chain targets on-premises SharePoint servers and how Vectra AI’s platform detects and stops these threats before they escalate. 🔒 Stay ahead o
@Vectra_AI
24 Jul 2025
108 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Microsoft SharePoint Vulnerabilities Exploitation and Ransomware Escalation(CVE-2025-53770 and CVE-2025-53771): https://t.co/A9O2xcD8b0
@Iambivash007
24 Jul 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Срочно обновите Microsoft Sharepoint #CVE-2025-53770 и #CVE-2025-53771 https://t.co/KaCdyHoOIj
@kilin_vr
24 Jul 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chinese hackers Storm-2603 are now exploiting SharePoint zero-days CVE-2025-53770 and CVE-2025-53771 to deploy Warlock ransomware, using web shells, GPOs, and credential theft tools to maintain persistent access worldwide. #CyberThreat #SharePoint https://t.co/6b844Ey3r1
@TweetThreatNews
24 Jul 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploit module for Microsoft SharePoint ToolPane Unauthenticated RCE (CVE-2025-53770 and CVE-2025-53771) https://t.co/VrzCJYymiw
@S0ufi4n3
24 Jul 2025
782 Impressions
3 Retweets
12 Likes
3 Bookmarks
0 Replies
0 Quotes
ToolShell脆弱性攻撃チェーン(CVE-2025-53770+CVE-2025-53771)に対応するMetasploitモジュールが公表された。 https://t.co/SjU0ozaHO3
@__kokumoto
24 Jul 2025
1523 Impressions
1 Retweet
21 Likes
4 Bookmarks
0 Replies
0 Quotes
#BREAKING #ESETResearch has been monitoring the recently discovered #ToolShell zero-day vulnerabilities in #SharePoint Server: CVE-2025-53770 and CVE-2025-53771. SharePoint Online in Microsoft 365 is not impacted. https://t.co/NssYU2rZTg 1/5
@ESETresearch
24 Jul 2025
7248 Impressions
39 Retweets
92 Likes
32 Bookmarks
3 Replies
0 Quotes
Thanks to a scan conducted by @leak_ix, we have shared SharePoint IPs confirmed vulnerable to CVE-2025-53770, CVE-2025-53771. 424 SharePoint IPs found on 2025-07-23. One-off data in our Vulnerable HTTP report - https://t.co/qxv0Gv5ELc Tree map: https://t.co/e8WGDJEwgh https:/
@Shadowserver
24 Jul 2025
4572 Impressions
19 Retweets
40 Likes
19 Bookmarks
2 Replies
0 Quotes
🚨 Critical Alert: Zero-Day in SharePoint under attack! CVE-2025-53770 is allowing remote code execution on SharePoint 2016, 2019, & Subscription Editions. 🛡️ Also, CVE-2025-53771 helps bypass past mitigations. Patch up NOW! Get our #threatadvisory here: https://t.co/4
@sequretek_sqtk
24 Jul 2025
118 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft SharePointの深刻な脆弱性に対する攻撃が活発化 PoCも公開(CVE-2025-53770,CVE-2025-53771,CVE-2025-49704,CVE-2025-49706)|セキュリティとITのニュース-セキュリティ対策Lab https://t.co/enCPPrwlcM
@Luke06121
24 Jul 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical SharePoint Vulnerabilities in the Wild 🚨 Trustwave's SpiderLabs just published a new deep dive on the active exploitation of two critical SharePoint zero-days: CVE-2025-53770 (RCE) and CVE-2025-53771 (path traversal). These flaws are being leveraged by threat ac
@SpiderLabs
23 Jul 2025
446 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Analyzing Sharepoint Exploits (CVE-2025-53770, CVE-2025-53771), (Wed, Jul 23rd) https://t.co/nMSt4DrCST #SANS #Cybersecurity https://t.co/scHquE5g3n
@PoseidonTPA
23 Jul 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google Threat Intel is tracking widespread exploitation of on-prem SharePoint vulns: CVE-2025-53770 & CVE-2025-53771. This is a severe threat. We recommend patching, threat hunting and rotating keys. Learn more, incl. how to detect this threat in Google SecOps:
@JumpforJoyce
23 Jul 2025
19818 Impressions
43 Retweets
153 Likes
46 Bookmarks
4 Replies
6 Quotes
Analyzing Sharepoint Exploits (CVE-2025-53770, CVE-2025-53771) https://t.co/jSIMEGshh1 https://t.co/6OLwDdL1Bz
@sans_isc
23 Jul 2025
1525 Impressions
2 Retweets
5 Likes
2 Bookmarks
0 Replies
0 Quotes
As promised, our #SharePoint adventure with CVE-2025-53770 and CVE-2025-53771, including payloads and vulnerability checker! https://t.co/NbaDwsEyfA
@leak_ix
23 Jul 2025
20671 Impressions
70 Retweets
275 Likes
151 Bookmarks
2 Replies
2 Quotes
🚨 We have updated our advisory on the vulnerabilities affected Microsoft SharePoint Enterprise Server 2016, SharePoint Server Subscription Edition & SharePoint Server 2019 (CVE-2025-53770 and CVE-2025-53771). You can find the updated advisory here: https://t.co/idAxnm1v3n
@ncsc_gov_ie
23 Jul 2025
272 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft SharePointの深刻な脆弱性に対する攻撃が活発化 PoCも公開 CVE-2025-53770,CVE-2025-53771,CVE-2025-49704,CVE-2025-49706 #セキュリティ対策Lab #セキュリティ #Security https://t.co/N8UBX4LzCk
@securityLab_jp
23 Jul 2025
131 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Miami! SharePoint Servers under attack! 🚨 Attackers are actively exploiting two major SharePoint vulnerabilities (CVE-2025-53770, CVE-2025-53771), impacting over 75 organizations, including several here in South Florida. This is a pretty bad RCE, patch your SharePoint ser
@ethicalkiwi
23 Jul 2025
82 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Miami! SharePoint Servers under attack! 🚨🚨 Attackers are actively exploiting two major SharePoint vulnerabilities (CVE-2025-53770, CVE-2025-53771), impacting over 75 organizations, including several here in South Florida. This is a pretty bad RCE, patch your SharePoint
@ethicalkiwi
23 Jul 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1677A89-14A2-496E-A2EB-387B1BFE876C",
"versionEndExcluding": "16.0.18526.20508"
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F815EF1D-7B60-47BE-9AC2-2548F99F10E4"
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E"
}
],
"operator": "OR"
}
]
}
]