Critical zero-day vulnerabilities in Microsoft SharePoint on-premises servers, CVE-2025-53770 and CVE-2025-53771, have been actively exploited, with numerous servers compromised across various sectors.
CVE-2025-53770 is a remote code execution vulnerability that enables attackers to execute harmful code on the server remotely, without any authentication. The flaw arises from the deserialization of untrusted data.
CVE-2025-53771 is a spoofing vulnerability, allowing attackers with any level of access to the system to manipulate the file path and perform unauthorized actions.
Microsoft has released patches for SharePoint Server 2019, SharePoint Subscription Edition, and SharePoint Server 2016. Organizations that are unable to patch immediately are recommended to enable Antimalware Scan Interface (AMSI) integration and deploy Microsoft Defender Antivirus on all SharePoint servers. If these measures cannot be implemented, disconnect the SharePoint server from the internet temporarily until fixes become available. Additionally, after patching or enabling AMSI, it is crucial to rotate SharePoint's machine keys to prevent further misuse of the previously compromised services.
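The machine key rotation mentioned above can be scripted across every web application in the farm. The following is an added example, not part of the original post or of any ManageEngine product; it assumes the SharePoint Management Shell on a farm server, a farm administrator account, and that the security update or AMSI is already in place.

```powershell
# Added example: rotate ASP.NET machine keys for all SharePoint web applications.
# Assumption: run as farm administrator on a SharePoint server after patching
# or enabling AMSI, so the new keys are not exposed to the same flaw.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$results = foreach ($wa in Get-SPWebApplication -IncludeCentralAdministration) {
    try {
        # Generate new validation/decryption keys for this web application
        Set-SPMachineKey -WebApplication $wa -ErrorAction Stop
        # Deploy the new keys to the servers hosting the web application
        Update-SPMachineKey -WebApplication $wa -ErrorAction Stop
        [pscustomobject]@{ WebApplication = $wa.Url; Rotated = $true; Error = $null }
    }
    catch {
        # Record the failure and continue, so one broken web application
        # does not leave the rest of the farm on the old keys
        [pscustomobject]@{
            WebApplication = $wa.Url
            Rotated        = $false
            Error          = $_.Exception.Message
        }
    }
}

$results | Format-Table -AutoSize

# IIS must be restarted on every SharePoint server before the old keys stop
# being honored. List the servers so none is missed (database-only servers
# report the role 'Invalid' and are skipped).
$servers = Get-SPServer | Where-Object { $_.Role -ne 'Invalid' }
Write-Host "Run 'iisreset.exe' on each of these servers:"
$servers | Select-Object Address, Role | Format-Table -AutoSize

$failed = @($results | Where-Object { -not $_.Rotated })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) web application(s) still use the old machine keys."
}
```

Any web application reported with `Rotated = False` still accepts payloads signed with the old keys and should be rotated again once the error is resolved.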
If you are using Vulnerability Manager Plus or Endpoint Central with the Vulnerability Management add-on, you can check for the presence of these vulnerabilities in your managed systems. Navigate to the Software Vulnerabilities section under Threats and use the Search by CVE ID search bar to look for CVE-2025-53770 and CVE-2025-53771. If either vulnerability is detected in any of your systems, you will be able to view details about all the affected systems.
To resolve this issue, here are the supported patches:
| Patch ID | Patch name | Description |
|---|---|---|
| 42005 | sts2019-kb5002754-fullfile-x64-glb.exe | Security Update for Microsoft SharePoint Server 2019 Core (KB5002754) |
| 42006 | uber-subscription-kb5002768-fullfile-x64-glb.exe | Security Update for Microsoft SharePoint Server Subscription Edition (KB5002768) (Deployment-Only) |
| 42007 | sts2016-kb5002760-fullfile-x64-glb.exe | Security Update for Microsoft SharePoint Enterprise Server 2016 (KB5002760) |
| 42008 | wssloc2016-kb5002759-fullfile-x64-glb.exe | Security Update for Microsoft SharePoint Enterprise Server 2016 Language Pack (KB5002759) |
| 42009 | wssloc2019-kb5002753-fullfile-x64-glb.exe | Security Update for Microsoft SharePoint Server 2019 Language Pack (KB5002753) |
Using Patch Manager Plus, Vulnerability Manager Plus, or Endpoint Central, you can deploy these patches. If any patches are missing from your managed systems, go to the Missing Patches section, search for the necessary Patch IDs in the Patch ID column, filter them, and deploy them immediately to protect your systems from this vulnerability.
Cheers,