CVE-2025-53771

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-53771
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771 Vendor Advisory
https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/ Press/Media Coverage
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*
cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*
cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
History

14 Aug 2025, 17:29

Type Values Removed Values Added
CPE cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*
cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*
First Time Microsoft
Microsoft sharepoint Server
References () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771 - () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771 - Vendor Advisory
References () https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/ - () https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/ - Press/Media Coverage

31 Jul 2025, 20:15

Type Values Removed Values Added
Summary (en) Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. (en) Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

22 Jul 2025, 21:15

Type Values Removed Values Added
CWE CWE-20
CWE-22
CWE-707		 CWE-287
Summary (en) Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. (en) Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVSS v2 : unknown
v3 : 7.1 		v2 : unknown
v3 : 6.5

22 Jul 2025, 13:06

Type Values Removed Values Added
Summary
  • (es) La limitación incorrecta de una ruta de acceso a un directorio restringido ('path traversal') en Microsoft Office SharePoint permite que un atacante autorizado realice suplantación de identidad a través de una red.

21 Jul 2025, 22:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.3 		v2 : unknown
v3 : 7.1

21 Jul 2025, 00:15

Type Values Removed Values Added
References
  • () https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/ -

20 Jul 2025, 23:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-20 23:15

Updated : 2025-08-14 17:29

NVD link : CVE-2025-53771

Mitre link : CVE-2025-53771

CVE.ORG link : CVE-2025-53771

JSON object : View

Products Affected

microsoft

  • sharepoint_server
CWE
CWE-287

Improper Authentication