CVE-2025-53771 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.1 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
microsoft	CNA	7.1 HIGH				CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 30%

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Vulnerability Media Exposure

[GERMAN] Zero-Day-Lücke: Hacker attackieren massenhaft Microsoft-Sharepoint-Instanzen
Wer einen Sharepoint-Server betreibt, sollte dringend handeln. Hacker hebeln derzeit aktiv einen Patch für eine kritische Sicherheitslücke aus. (<a href="https://www.golem.de/specials/sicherheitsluecke/">Sicherheitslücke</a>, <a href="https://www.golem.de/specials/microsoft/">Microsoft</a>) <img alt="" height="1" src="https://cpx.golem.de/cpx.php?class=17&aid=198299&page=1&ts=1753081921" width="1" />
Published: 2025-07-21T09:12:10+02:00
[ENGLISH] Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
Microsoft on Sunday released security patches for an actively exploited security flaw in SharePoint and also disclosed details of another vulnerability that it said has been addressed with "more robust protections." The tech giant acknowledged it's "aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security
Published: 2025-07-21T09:00:00+05:30
[ENGLISH] Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Company Servers
A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an "active, large-scale" exploitation campaign. The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), has been described as a variant of CVE-2025-49704 (CVSS score: 8.8), a code injection and remote code execution bug in Microsoft SharePoint Server that was addressed by the tech giant as
Published: 2025-07-20T15:22:00+05:30
[GERMAN] Microsoft SharePoint (On-premises): Mehrere Schwachstellen
Ein entfernter anonymer oder authentifizierter Angreifer kann mehrere Schwachstellen in Microsoft SharePoint Server 2019, Microsoft SharePoint Subscription Edition und Microsoft SharePoint Server 2016 ausnutzen, um beliebigen Code auszuführen und Spoofing-Angriffe durchzuführen.
Published: 2025-07-20T22:00:00+00:00
[ENGLISH] ⚡ Weekly Recap: SharePoint 0-Day, Chrome Exploit, macOS Spyware, NVIDIA Toolkit RCE and More
Even in well-secured environments, attackers are getting in—not with flashy exploits, but by quietly taking advantage of weak settings, outdated encryption, and trusted tools left unprotected. These attacks don’t depend on zero-days. They work by staying unnoticed—slipping through the cracks in what we monitor and what we assume is safe. What once looked suspicious now blends in, thanks to
Published: 2025-07-21T17:08:00+05:30
[GERMAN] 0-Day in SharePoint wird weltweit für Angriffe genutzt
Eine kritische Zero-Day-Schwachstelle in Microsoft SharePoint gefährdet Unternehmen weltweit. Zwei Behörden in den USA sind bereits angegriffen worden. Microsoft arbeitet an Lösungen für das Problem.
Published: 2025-07-22T07:00:00+02:00
[ENGLISH] Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access
The recently disclosed critical Microsoft SharePoint vulnerability has been under exploitation as early as July 7, 2025, according to findings from Check Point Research. The cybersecurity company said it observed first exploitation attempts targeting an unnamed major Western government, with the activity intensifying on July 18 and 19, spanning government, telecommunications, and software
Published: 2025-07-22T13:29:00+05:30

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771

https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/