Endpoint VulnerabilityMicrosoft SharePoint Server CVE-2025-53770 Remote Code Execution Vulnerability
Description
Deserialization of untrusted data in on-premises Microsoft SharePoint Server enables remote code execution by unauthorized attackers; Microsoft has released updates for SharePoint Server Subscription Edition and SharePoint Server 2019, while SharePoint Online is not affected.
Outbreak Alert
FortiGuard Labs has detected and successfully blocked hundreds of exploitation attempts targeting a newly discovered zero-day vulnerability chain in on-premises Microsoft SharePoint servers. This active campaign is being exploited by multiple threat actors and poses a significant risk to a wide range of sectors including government, education, healthcare, and large enterprises.
Affected Applications
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Microsoft SharePoint Server Subscription Edition
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2025-07-23 | 1.00885 |
Modified
|
Microsoft SharePoint Enterprise Server 2016,Microsoft SharePoint Server 2019,Microsoft SharePoint Server Subscription Edition |
| 2025-07-21 | 1.00883 |
New
|
Microsoft SharePoint Enterprise Server 2016,Microsoft SharePoint Server 2019,Microsoft SharePoint Server Subscription Edition |
| ID | 6190 |
| Created | Jul 21, 2025 |
| Description Updated |
Jan 10, 2026 |
| CVE ID | |
| Tags | Microsoft SharePoint Zero-day Threat Signal |
| Risk |
|
| Coverage | FortiClient |
| OS | Windows |
| Vendor | Microsoft |
| Patch | auto |
| Application | Microsoft SharePoint Enterprise Server 2016 , Microsoft SharePoint Server 2019 , Microsoft SharePoint Server Subscription Edition |