Back to KEVs

CVE-2025-53771

Microsoft SharePoint Server Spoofing Vulnerability

Basic Information

CVE State
PUBLISHED
Reserved Date
July 09, 2025
Published Date
July 20, 2025
Last Updated
July 25, 2025
Vendor
Microsoft
Product
Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition
Description
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Tags
microsoft

CVSS Scores

CVSS v3.1

6.5 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

EPSS Score

Score
0.07% (Percentile: 20.49%) as of 2025-07-28

SSVC Information

Exploitation
none
Automatable
Yes
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (2025-07-20 23:45:35 UTC) Source

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771

Known Exploited Vulnerability Information

Source Added Date
BleepingComputer 2025-07-20 23:45:29 UTC

Recent Mentions

ZDI-25-652: (Pwn2Own) Microsoft SharePoint ToolPane Authentication Bypass Vulnerability

Source: Zero Day Initiative Published Advisories • Published: 2025-07-25 05:00:00 UTC

This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft SharePoint. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2025-53771.

Infocon: green

Source: SANS Internet Storm Center • Published: 2025-07-23 20:15:04 UTC

Analyzing Sharepoint Exploits (CVE-2025-53770, CVE-2025-53771)

Analyzing Sharepoint Exploits (CVE-2025-53770, CVE-2025-53771), (Wed, Jul 23rd)

Source: SANS Internet Storm Center • Published: 2025-07-23 19:36:36 UTC

A few days after the exploit originally became widely known, there are now many different SharePoint exploit attempts in circulation. We do see some scans by researchers to identify vulnerable systems (or to scan for common artifacts of compromise), and a few variations of the "ToolPane.aspx" URL being hit. Even for our "random" honeypots, the number of hits has increased significantly without having to emulate SharePoint better.

CVE-2025-53770 & CVE-2025-53771

Source: ONYPHE Blog • Published: 2025-07-22 07:48:00 UTC

CVE-2025-53770, nicknamed “ToolShell”, is a critical zero-day vulnerability in Microsoft SharePoint Server that allows unauthenticated remote code execution (RCE). It’s […]

ToolShell: Details of CVEs affecting SharePoint servers

Source: Cisco Talos Blog • Published: 2025-07-21 20:33:02 UTC

Cisco Talos is aware of the ongoing exploitation of CVE-2025-53770 and CVE-2025-53771 in the wild. These are path traversal vulnerabilities affecting SharePoint Server Subscription Edition, SharePoint Server 2016, and SharePoint Server 2019.

ToolShell: Details of CVEs Affecting SharePoint Servers

Source: Cisco Talos Blog • Published: 2025-07-21 20:33:02 UTC

Cisco Talos is aware of the ongoing exploitation of CVE-2025-53770 and CVE-2025-53771 in the wild. These are path traversal vulnerabilities affecting SharePoint Server Subscription Edition, SharePoint Server 2016, and SharePoint Server 2019.

Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks

Source: BleepingComputer • Published: 2025-07-21 04:41:46 UTC

Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in "ToolShell" attacks. [...]

Microsoft SharePoint zero-day exploited in RCE attacks, no patch available

Source: BleepingComputer • Published: 2025-07-20 15:40:06 UTC

Critical zero-day vulnerabilities in Microsoft SharePoint, tracked as CVE-2025-53770 and CVE-2025-53771, have been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide. [...]

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel