CVE-2025-53770

Microsoft SharePoint Remote Code Execution (ToolShell) Vulnerability

CVE-2025-53770 is a patch bypass of CVE-2025-49706 and CVE-2025-49704 that enables remote code execution vulnerability affecting Microsoft SharePoint. This deserialization flaw in on-premises SharePoint Server allows unauthorized attackers to execute arbitrary code remotely.

Exploiting this vulnerability can allow an attacker to gain complete control over the affected system. This includes accessing sensitive data, modifying or deleting system resources, and potentially installing malware or creating backdoors.

Mitigations

  • Reference the vendor advisory and upgrade to the latest patched version of Microsoft SharePoint.

Rapid Response N-Day Testing

Run the Test Now

References

🔗 CVE-2025-53770 

🔗 Vendor Advisory 

🔗 Disrupting active exploitation of on-premises SharePoint vulnerabilities 

Read about other CVEs

CVE-2024-23108

Fortinet FortiSIEM 2nd Order Command Injection

Read More

CVE-2023-43208

NextGen Mirth Connect Pre-Auth RCE

Read More

CVE-2023-34992

Fortinet FortiSIEM Command Injection

Read More

NodeZero® Platform

Implement a continuous find, fix, and verify loop with NodeZero

The NodeZero® platform empowers your organization to reduce your security risks by autonomously finding exploitable weaknesses in your network, giving you detailed guidance around how to priortize and fix them, and having you immediately verify that your fixes are effective.
Explore NodeZero

Recognized By