Fortra is actively researching a remote code execution vulnerability in Microsoft SharePoint Server that could allow an unauthenticated attacker to execute code on the affected server.
| CVE | Risk | Score |
|---|---|---|
| CVE-2025-53770 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:W/RC:C | (9.8, Critical) |
This vulnerability affects only on-premises versions of SharePoint Server and is caused by the deserialization of untrusted data. It could allow an unauthenticated user to execute code and is being actively exploited.
Who is affected?
CVE-2025-53770 impacts the following versions of SharePoint Server:
- Microsoft SharePoint Enterprise Server 2016
- Microsoft SharePoint Server 2019
- Microsoft SharePoint Server Subscription Edition
What can I do?
To mitigate this vulnerability and protect themselves, customers should enable AMSI Integration.
The vendor has released the following updates to resolve this vulnerability:
- Microsoft SharePoint Enterprise Server 2016
- Microsoft SharePoint Server 2019
- Microsoft SharePoint Server Subscription Edition
Additional information can be found at:
- Vendor Guidance: Customer guidance for SharePoint Vulnerability CVE-2025-53770
- Vendor Advisory: Security Update Guide - Microsoft Security Response Center
How is Fortra helping me?
Fortra is actively researching this threat to build detection capabilities.
- Alert Logic: On July 24, 2025, mappings were added to authenticated scans and released in Fusion VM 4.69.1.
Updates
Fortra has kicked off the Emerging Threats process for this vulnerability. This article will be updated as new information about it and related security coverage becomes available.
- 07/24/2025: Mappings for authenticated scans added and released to Fusion VM.