- Description
- Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- sharepoint_server
CVSS 3.1
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 2.5
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
- secure@microsoft.com
- CWE-287
- Hype score
- Not currently trending
2025年 実際に悪用された高リスク脆弱性 Top10 1 Langflow 未認証コード実行 CVE-2025-3248 2 Microsoft SharePoint Server RCE(ToolShell) CVE-2025-53770 / CVE-2025-53771 3 sudo 権限昇格(chroot処理不備) CVE-2025-32463 4 Docker Desktop コンテ
@yousukezan
1 Jan 2026
1476 Impressions
1 Retweet
15 Likes
7 Bookmarks
0 Replies
0 Quotes
#DFIR #Blue_Team_Techniques #Purple_Team_Exercises 1⃣ Hunting for SharePoint In-Memory ToolShell Payloads (CVE-2025-53770, CVE-2025-53771) https://t.co/1H3yTQ1eGr // A walk-through showing how to analyze ToolShell payloads, starting with acquiring packets all the way to decodi
@ksg93rd
3 Dec 2025
616 Impressions
3 Retweets
2 Likes
3 Bookmarks
0 Replies
0 Quotes
🚨 Back in July, our team detected and blocked widespread exploitation of an MS SharePoint zero-day chain (CVE-2025-49706, CVE-2025-49704, CVE-2025-53770, & CVE-2025-53771) targeting multiple sectors. 🔗 Get full details and mitigation guidance: https://t.co/FJO0hXZQjF h
@FortiGuardLabs
10 Nov 2025
241 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-53771 - medium 🚨 Microsoft SharePoint Server - Authentication Bypass (ToolShell) > Microsoft Office SharePoint Server contains an improper authentication vulnerability ... 👾 https://t.co/klKPQR1liJ @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
19 Oct 2025
141 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hello! Today’s 1day1line is about CVE-2025-53770 (RCE) & CVE-2025-53771 (Auth bypass) in SharePoint — linked to earlier CVE-2025-49704 & 49706. These vulnerabilities affect on-premises Microsoft SharePoint. Check out the post! https://t.co/poMIov7NA5
@hackyboiz
20 Sept 2025
2499 Impressions
12 Retweets
49 Likes
22 Bookmarks
1 Reply
0 Quotes
https://t.co/r0XB1DhEnq 🗣🇨🇵Alerte ANSSI : #Microsoft #SharePoint Server signale la vulnérabilité CVE-2025-53771 permet à un attaquant de provoquer une usurpation d'identité sur un réseau, une vielle faille déjà présente sur SharePoint Enterprise Server 2010 et 2
@IvanFeghali
8 Sept 2025
89 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Trellix researchers look into a recent wave of exploitation targeting ToolShell vulnerabilities in Microsoft SharePoint Server (CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771). https://t.co/oeIcaLYlcX https://t.co/SSiUr8XHAN
@virusbtn
5 Sept 2025
1402 Impressions
7 Retweets
29 Likes
8 Bookmarks
0 Replies
0 Quotes
⚠️ Weekly vuln radar. https://t.co/Cd6L8ACyLV – spot what’s trending before it’s everywhere: CVE-2025-53770 CVE-2025-43300 CVE-2025-5777 CVE-2024-21887 CVE-2023-46604 (@ThreatBookLabs) CVE-2025-7776 CVE-2025-54309 CVE-2025-7775 CVE-2025-53771 https://t.co/q4Rx5wWFSt
@ptdbugs
29 Aug 2025
286 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
#Proactive #Security for CVE-2025-53770 and CVE-2025-53771 #SharePoint_Attacks https://t.co/tloLD9OPvK https://t.co/hcUdHNHgIF
@omvapt
22 Aug 2025
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Proactive_Security for CVE-2025-53770 and CVE-2025-53771 #SharePoint_Attacks https://t.co/bC4ahVz4UO https://t.co/0kySI9Tg2R
@omvapt
21 Aug 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-53770 (CVSS 9.8) and CVE-2025-53771 - also known as the SharePoint Zero Days - allow unauthenticated attackers to seize control of servers, steal cryptographic keys, and plant persistent backdoors. What started as 75 confirmed breaches has now grown to 400+ https://t.co
@ExtraHop
21 Aug 2025
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New IOC Alert → CVE-2025-53770 and CVE-2025-53771: Actively Exploited SharePoint Vulnerabilities. ■ Indicator: CVE-2025-49704
@CTI131
21 Aug 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New IOC Alert → SharePoint Vulnerabilities (CVE-2025-53770 & CVE-2025-53771): Everything You Need to Know. ■ Indicator: CVE-2025-23266
@CTI131
20 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【漏洞工具】SharePoint 2025 RCE 图形化漏洞利用工具 相关 CVE 编号为: CVE-2025-53770 CVE-2025-53771 CVE-2025-49704 CVE-2025-49706 https://t.co/8DPcYBYCq4 https://t.co/lts8kW1swv
@cybersecuritysl
19 Aug 2025
1260 Impressions
7 Retweets
18 Likes
16 Bookmarks
0 Replies
0 Quotes
Ah bah effectivement… ça n’aura pas traîné 😬 Plus de 400 serveurs #SharePoint déjà compromis via les zero-day CVE-2025-53770 & CVE-2025-53771, attribués à 3 groupes chinois 👉 https://t.co/hD2yQB1HML
@Guardia_School
19 Aug 2025
37 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-53770 and CVE-2025-53771 evolved from vulnerabilities first disclosed at Pwn2Own Berlin 2025. Through @thezdi, Trend Micro has provided proactive defense and protection for customers since May. Be proactive in staying ahead of these vulnerabilities:⬇️
@trendai_RSRCH
14 Aug 2025
357 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Decoys / Honeypots to Deploy This Week - go get that 0day payload!🧵 1. Microsoft SharePoint - Still receiving a lot of buzz and activity from the recent big vulnerabilities CVE-2025-53770 and CVE-2025-53771 https://t.co/gvtbrJhTdz
@DefusedCyber
13 Aug 2025
739 Impressions
2 Retweets
8 Likes
4 Bookmarks
1 Reply
0 Quotes
We explored how CVE-2025-53770 and CVE-2025-53771 evolved from earlier vulnerabilities, using deserialization and ViewState mechanisms to allow unauthenticated remote code execution. Discover the complexities of these vulnerabilities:⬇️ https://t.co/PqCWrvrxLp
@trendai_RSRCH
7 Aug 2025
934 Impressions
2 Retweets
3 Likes
0 Bookmarks
0 Replies
1 Quote
CVE-2025-53770 and CVE-2025-53771 evolved from vulnerabilities first disclosed at Pwn2Own Berlin 2025. Through @thezdi, Trend Micro has provided proactive defense and protection for customers since May. Be proactive in staying ahead of these vulnerabilities:⬇️
@trendai_RSRCH
6 Aug 2025
924 Impressions
7 Retweets
14 Likes
0 Bookmarks
0 Replies
0 Quotes
New cyber threat: ToolShell is exploiting #SharePoint flaws (CVE-2025-53770 & CVE-2025-53771) for full server access — no login needed. Learn how it works + how to defend against it: Critical Cyber Update: https://t.co/pzkn6AelYy #Cybersecurity #MatriumInsights #ToolShel
@Matrium_Tech
4 Aug 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The zero-day in Microsoft SharePoint (CVE-2025-53770 and CVE-2025-53771) has been known for a few days now. What exactly happened, how was the #zeroday discovered, and are we sure we caught it in time (if that’s possible)? https://t.co/eKNwY8JxSz
@michael_gazzano
3 Aug 2025
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
: تنبيه أمني عاجل لمستخدمي SharePoint مهاجمون مجهولون يستغلون ثغرتين خطيرتين في SharePoint Server 2016 و2019 والإصدار الاشتراكي — CVE-2025-53770 (تقييم خطورة 9.8) وCVE-2025-53771 (تقييم
@KasperskyKSA
3 Aug 2025
182 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical SharePoint vulnerabilities CVE-2025-53770 & CVE-2025-53771 are under active attack! Learn how the ToolShell exploit chain targets on-premises SharePoint servers and how Vectra AI’s platform detects and stops these threats before they escalate. 🔒 Stay ahead of
@Vectra_AI
30 Jul 2025
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft biztonsági frissítések SharePoint nulladik napi sebezhetőségekhez A Microsoft SharePoint biztonsági frissítéseket adott ki a CVE-2025-53770 és a CVE-2025-53771 azonosítójú két nulladik napi sebezhetőséghez, amelyek világszerte veszélyeztettek rendszere
@linuxmint_hun
30 Jul 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft SharePoint ToolPane Authentication Bypass Vulnerability (CVE-2025-53771) #AuthenticationBypassVulnerability #CVE202553771 #CyberSecurity #Microsoft #MicrosoftSharePointServer https://t.co/VDMqbQQFiA https://t.co/jb1HhNG4Ja
@SystemTek_UK
28 Jul 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【脅威分析レポート】CVE-2025-53770およびCVE-2025-53771 オンプレミスのMicrosoft SharePoint Serverに影響を与える2つの脆弱性の悪用についての調査結果を解説しています。 詳しくは👇 https://t.co/D1Zk9vCunI #Cybereason #サ
@cybereasonjp
28 Jul 2025
114 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New ‘ToolShell’ Exploit Chain Targets SharePoint Servers via CVE-2025-53770 and CVE-2025-53771 https://t.co/MH9Lhxa7x8
@DCICyberSecNews
27 Jul 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The latest SharePoint 0-day attack chain (CVE-2025-53770 + CVE-2025-53771) results in unauthenticated RCE on on-prem servers. I break down how it was discovered, how it works, and how to protect your servers in this new video. PLUS a demo of the exploit working in a lab https://
@0xTib3rius
26 Jul 2025
8442 Impressions
28 Retweets
186 Likes
61 Bookmarks
2 Replies
4 Quotes
Urgent SharePoint Vulnerability Alert Unknown attackers are actively exploiting two critical vulnerabilities in SharePoint Server 2016, 2019, and the Subscription Edition — CVE-2025-53770 (CVSS 9.8) and CVE-2025-53771 (CVSS 6.3). These flaws allow remote execution of malicious
@KasperskyKSA
26 Jul 2025
165 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🌩️ @Microsoft 𝚂𝚑𝚊𝚛𝚎𝙿𝚘𝚒𝚗𝚝 𝟢-𝙳𝚊𝚢 𝚂𝚙𝚛𝚎𝚊𝚍𝚜 𝚆𝚊𝚛𝚕𝚘𝚌𝚔 𝚁𝚊𝚗𝚜𝚘𝚖𝚠𝚊𝚛𝚎 🌩️🔓 #cyber_security_highlights 💡 𝙾𝚟𝚎𝚛𝚟𝚒𝚎𝚠 #did_you_know_that @Mic
@MahRabie
26 Jul 2025
50 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[ZDI-25-652|CVE-2025-53771] (Pwn2Own) Microsoft SharePoint ToolPane Authentication Bypass Vulnerability (CVSS 6.5; Credit: Viettel Cyber Security) https://t.co/PimSmtKc7A
@TheZDIBugs
25 Jul 2025
836 Impressions
3 Retweets
11 Likes
1 Bookmark
0 Replies
0 Quotes
Emergency SharePoint RCE Warning – CVE-2025-53770 & CVE-2025-53771 Under Active Exploit - IT SPARC Cast - CVE of the Week
@ITSPARCCast
25 Jul 2025
56052 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
In this episode of IT SPARC Cast - CVE of The Week, @john_Video and @loudoggeek sound the alarm on two critical zero-day vulnerabilities impacting on-premise Microsoft SharePoint servers: CVE-2025-53770 and CVE-2025-53771. Exploited via a chained attack called “ToolShell,” th
@ITSPARCCast
25 Jul 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers Exploiting Sharepoint 0-day Vulnerability to Deploy Warlock Ransomware https://t.co/eB5I7DEyG7 Microsoft has issued urgent warnings about active exploitation of critical SharePoint vulnerabilities CVE-2025-53770 and CVE-2025-53771 by multiple threat actors, including t
@f1tym1
25 Jul 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Zero-day alert @ESETresearch uncovered active exploitation of CVE-2025-53770 and CVE-2025-53771 - ToolShell attacks targeting Microsoft SharePoint servers. The US tops the list with 13.3% of global hits. Watch @TonyAtESET explain the latest findings. https://t.co/n4pU32HrtS
@ESET
25 Jul 2025
32 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL: Chinese hackers are actively exploiting #SharePoint "ToolShell" zero-days (CVE-2025-53770 & CVE-2025-53771) to deploy ransomware & steal data. 3 threat groups targeting thousands of orgs worldwide. PATCH NOW! https://t.co/cRPuWTocpn #CyberSecurity #toolsh
@cyberkendra
24 Jul 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical SharePoint vulnerabilities CVE-2025-53770 & CVE-2025-53771 are under active attack! Learn how the ToolShell exploit chain targets on-premises SharePoint servers and how Vectra AI’s platform detects and stops these threats before they escalate. 🔒 Stay ahead o
@Vectra_AI
24 Jul 2025
108 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Microsoft SharePoint Vulnerabilities Exploitation and Ransomware Escalation(CVE-2025-53770 and CVE-2025-53771): https://t.co/A9O2xcD8b0
@cyberbivash
24 Jul 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Срочно обновите Microsoft Sharepoint #CVE-2025-53770 и #CVE-2025-53771 https://t.co/KaCdyHoOIj
@kilin_vr
24 Jul 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chinese hackers Storm-2603 are now exploiting SharePoint zero-days CVE-2025-53770 and CVE-2025-53771 to deploy Warlock ransomware, using web shells, GPOs, and credential theft tools to maintain persistent access worldwide. #CyberThreat #SharePoint https://t.co/6b844Ey3r1
@TweetThreatNews
24 Jul 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploit module for Microsoft SharePoint ToolPane Unauthenticated RCE (CVE-2025-53770 and CVE-2025-53771) https://t.co/VrzCJYymiw
@S0ufi4n3
24 Jul 2025
782 Impressions
3 Retweets
12 Likes
3 Bookmarks
0 Replies
0 Quotes
ToolShell脆弱性攻撃チェーン(CVE-2025-53770+CVE-2025-53771)に対応するMetasploitモジュールが公表された。 https://t.co/SjU0ozaHO3
@__kokumoto
24 Jul 2025
1523 Impressions
1 Retweet
21 Likes
4 Bookmarks
0 Replies
0 Quotes
#BREAKING #ESETResearch has been monitoring the recently discovered #ToolShell zero-day vulnerabilities in #SharePoint Server: CVE-2025-53770 and CVE-2025-53771. SharePoint Online in Microsoft 365 is not impacted. https://t.co/NssYU2rZTg 1/5
@ESETresearch
24 Jul 2025
7248 Impressions
39 Retweets
92 Likes
32 Bookmarks
3 Replies
0 Quotes
Thanks to a scan conducted by @leak_ix, we have shared SharePoint IPs confirmed vulnerable to CVE-2025-53770, CVE-2025-53771. 424 SharePoint IPs found on 2025-07-23. One-off data in our Vulnerable HTTP report - https://t.co/qxv0Gv5ELc Tree map: https://t.co/e8WGDJEwgh https:/
@Shadowserver
24 Jul 2025
4572 Impressions
19 Retweets
40 Likes
19 Bookmarks
2 Replies
0 Quotes
🚨 Critical Alert: Zero-Day in SharePoint under attack! CVE-2025-53770 is allowing remote code execution on SharePoint 2016, 2019, & Subscription Editions. 🛡️ Also, CVE-2025-53771 helps bypass past mitigations. Patch up NOW! Get our #threatadvisory here: https://t.co/4
@sequretek_sqtk
24 Jul 2025
118 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft SharePointの深刻な脆弱性に対する攻撃が活発化 PoCも公開(CVE-2025-53770,CVE-2025-53771,CVE-2025-49704,CVE-2025-49706)|セキュリティとITのニュース-セキュリティ対策Lab https://t.co/enCPPrwlcM
@Luke06121
24 Jul 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical SharePoint Vulnerabilities in the Wild 🚨 Trustwave's SpiderLabs just published a new deep dive on the active exploitation of two critical SharePoint zero-days: CVE-2025-53770 (RCE) and CVE-2025-53771 (path traversal). These flaws are being leveraged by threat ac
@SpiderLabs
23 Jul 2025
446 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Analyzing Sharepoint Exploits (CVE-2025-53770, CVE-2025-53771), (Wed, Jul 23rd) https://t.co/nMSt4DrCST #SANS #Cybersecurity https://t.co/scHquE5g3n
@PoseidonTPA
23 Jul 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google Threat Intel is tracking widespread exploitation of on-prem SharePoint vulns: CVE-2025-53770 & CVE-2025-53771. This is a severe threat. We recommend patching, threat hunting and rotating keys. Learn more, incl. how to detect this threat in Google SecOps:
@JumpforJoyce
23 Jul 2025
19818 Impressions
43 Retweets
153 Likes
46 Bookmarks
4 Replies
6 Quotes
Analyzing Sharepoint Exploits (CVE-2025-53770, CVE-2025-53771) https://t.co/jSIMEGshh1 https://t.co/6OLwDdL1Bz
@sans_isc
23 Jul 2025
1525 Impressions
2 Retweets
5 Likes
2 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
"matchCriteriaId": "E1677A89-14A2-496E-A2EB-387B1BFE876C",
"versionEndExcluding": "16.0.18526.20508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "F815EF1D-7B60-47BE-9AC2-2548F99F10E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]