CVE-2025-53770 and CVE-2025-53771: Actively Exploited SharePoint Vulnerabilities
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
Two critical vulnerabilities, CVE-2025-53770 and CVE-2025-53771, are affecting Microsoft SharePoint Servers, enabling attackers to upload malicious files and extract cryptographic secrets. These flaws are evolutions of previously patched vulnerabilities, CVE-2025-49704 and CVE-2025-49706, which were incompletely remediated. Exploit attempts have been observed across various industries, including finance, education, energy, and healthcare. Microsoft has released patches for SharePoint Subscription Edition and Server 2019, with a patch for Server 2016 pending. The vulnerabilities allow for unauthenticated remote code execution through advanced deserialization techniques and ViewState abuse. Active exploitation in the wild has been confirmed, compromising on-premises SharePoint environments globally.
OPENCTI LABELS :
remote code execution,cve-2025-53771,cve-2025-53770,cve-2025-49704,cve-2025-49706,microsoft sharepoint,viewstate abuse,deserialization,unauthenticated attacks
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
CVE-2025-53770 and CVE-2025-53771: Actively Exploited SharePoint Vulnerabilities