Critical SharePoint Vulnerabilities: CVE-2025-53770 and CVE-2025-53771

Critical zero-day vulnerabilities in Microsoft SharePoint on-premises servers, CVE-2025-53770 and CVE-2025-53771, have been actively exploited, with numerous servers compromised across various sectors.

CVE-2025-53770 is a remote code execution vulnerability that enables attackers to execute harmful code on the server remotely, without the need for any authentication. The flaw arises from the deserialization of untrusted data.

CVE-2025-53771 is a spoofing vulnerability, allowing attackers with any level of access to the system to manipulate the file path and perform unauthorized actions.

Microsoft has released patches for SharePoint Server 2019, SharePoint Subscription Edition, and SharePoint Server 2016. Organizations that are unable to patch immediately are advised to enable Antimalware Scan Interface (AMSI) integration and deploy Microsoft Defender Antivirus on all SharePoint servers. If these measures cannot be implemented, disconnect the SharePoint server from the internet temporarily until fixes become available. Additionally, after patching or enabling AMSI, it is crucial to rotate SharePoint's machine keys to prevent further misuse of the previously compromised services.


To resolve this issue, here are the supported patches:

| Patch ID | Patch name | Description |
|---|---|---|
| 42005 | sts2019-kb5002754-fullfile-x64-glb.exe | Security Update for Microsoft SharePoint Server 2019 Core (KB5002754) |
| 42006 | uber-subscription-kb5002768-fullfile-x64-glb.exe | Security Update for Microsoft SharePoint Server Subscription Edition (KB5002768) (Deployment-Only) |
| 42007 | sts2016-kb5002760-fullfile-x64-glb.exe | Security Update for Microsoft SharePoint Enterprise Server 2016 (KB5002760) |
| 42008 | wssloc2016-kb5002759-fullfile-x64-glb.exe | Security Update for Microsoft SharePoint Enterprise Server 2016 Language Pack (KB5002759) |
| 42009 | wssloc2019-kb5002753-fullfile-x64-glb.exe | Security Update for Microsoft SharePoint Server 2019 Language Pack (KB5002753) |


Using Patch Manager Plus, Vulnerability Manager Plus, or Endpoint Central, you can deploy these patches. If any patches are missing from your managed systems, go to the Missing Patches section, search for the necessary Patch IDs in the Patch ID column, filter them, and deploy them immediately to protect your systems from this vulnerability.
For more details, check out the full blog post here.

Cheers,

The ManageEngine team
