CVE-2025-53770: Widespread Exploitation of ToolShell RCE Vulnerability Observed in Microsoft SharePoint On-Premises
Posted: Wed Jul 23, 2025 12:16 am
On July 19, 2025, Microsoft disclosed active exploitation of a zero-day vulnerability (CVE-2025-53770) affecting on-premises SharePoint Server instances. Originally, no patch was available for this vulnerability, but fixes were released late on the evening of July 20. CVE-2025-53770 is caused by the deserialization of untrusted data, allowing unauthenticated threat actors to execute code remotely over the network. It is a variant of CVE-2025-49706, a medium-severity flaw addressed in Microsoft’s July Patch Tuesday update. SharePoint Online in Microsoft 365 is not affected by this vulnerability.
https://arcticwolf.com/resources/blog/cve-2025-53770/
https://arcticwolf.com/resources/blog/cve-2025-53770/