CVE-2025-53771: Microsoft SharePoint Server Spoofing Vulnerability

Overview

Severity
Medium (CVSS 6.5)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Category
Spoofing
Exploit Status
Not Exploited
Exploitation Likelihood
Less Likely
Patch Tuesday
2025-Jul
Released
2025-07-20
Last Updated
2025-07-31
EPSS Score
39.63% (percentile: 97.3%)

Description

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

FAQ

Are the two new CVEs that were released related to the two SharePoint vulnerabilities that were documented by CVE-2025-49704 and CVE-2025-49706?
Yes. The update for CVE-2025-53770 includes more robust protections than the update for CVE-2025-49704. The update for CVE-2025-53771 includes more robust protections than the update for CVE-2025-49706.

There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?
Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?
Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

Detection & Weaponization (2 sources)

Maturity: Exploit

  • Metasploit modules: Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution (aka ToolShell)
  • Nuclei templates: Microsoft SharePoint Server - Authentication Bypass (ToolShell)
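As an added example (not code from this page, from Microsoft, or from the Metasploit/Nuclei projects), the Python below hunts an IIS W3C extended log for unauthenticated requests to ToolPane.aspx, the endpoint named in the module and template entries above. A successful (2xx) anonymous hit is the signal worth paging on; a rejected one is still worth recording as an attempt. The log lines are constructed for the example, and the SignOut.aspx Referer check is an assumption taken from public ToolShell reporting, not something this page states.

```python
"""Hunt an IIS W3C extended log for unauthenticated ToolPane.aspx requests."""
from dataclasses import dataclass

TOOLPANE = "/toolpane.aspx"
# Assumed indicator (not stated on this advisory page): public ToolShell write-ups
# describe a Referer of /_layouts/SignOut.aspx on the bypass request. Used only to
# enrich a finding, never as the sole trigger.
SIGNOUT_REFERER = "/_layouts/signout.aspx"

# Constructed sample log (not real traffic). Field order comes from the #Fields line,
# exactly as IIS writes it; IIS encodes spaces inside a field as '+', so splitting on
# whitespace is safe.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status
2025-07-19 08:12:01 10.0.0.5 GET /_layouts/15/start.aspx - 443 CONTOSO\\jdoe 10.0.0.20 Mozilla/5.0 - 200
2025-07-19 08:12:44 10.0.0.5 POST /_layouts/15/ToolPane.aspx - 443 - 203.0.113.7 python-requests/2.32 https://sp.contoso.local/_layouts/SignOut.aspx 200
2025-07-19 08:13:02 10.0.0.5 POST /_layouts/15/ToolPane.aspx - 443 CONTOSO\\admin 10.0.0.21 Mozilla/5.0 https://sp.contoso.local/sites/hr/_layouts/15/settings.aspx 200
2025-07-19 08:13:30 10.0.0.5 POST /_layouts/16/ToolPane.aspx - 443 - 198.51.100.9 curl/8.4 - 401
"""


@dataclass
class Finding:
    timestamp: str
    client_ip: str
    uri: str
    status: int
    severity: str
    reason: str


def parse_w3c(text):
    """Yield one dict per data row; the #Fields directive names the columns."""
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
            continue
        if line.startswith("#"):
            continue  # other directives (#Software, #Date, ...)
        if fields is None:
            raise ValueError("data line seen before a #Fields directive")
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed or truncated row; skip rather than misalign columns
        yield dict(zip(fields, parts))


def classify(row):
    """Return a Finding for an anonymous ToolPane.aspx request, else None."""
    stem = row.get("cs-uri-stem", "").lower()
    if not stem.endswith(TOOLPANE):
        return None
    if row.get("cs-username", "-") != "-":
        return None  # authenticated ToolPane use is normal site-admin activity
    try:
        status = int(row.get("sc-status", "0"))
    except ValueError:
        status = 0
    if 200 <= status < 300:
        severity, reason = "high", "unauthenticated request to ToolPane.aspx succeeded"
    else:
        severity, reason = "low", f"unauthenticated ToolPane.aspx request rejected ({status})"
    if SIGNOUT_REFERER in row.get("cs(Referer)", "-").lower():
        reason += "; SignOut.aspx referer (assumed ToolShell indicator)"
    return Finding(f"{row.get('date', '?')} {row.get('time', '?')}",
                   row.get("c-ip", "?"), stem, status, severity, reason)


def hunt(text):
    """Run the rule over a whole log and return the findings in log order."""
    return [f for f in (classify(r) for r in parse_w3c(text)) if f is not None]


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"[{f.severity.upper()}] {f.timestamp} {f.client_ip} {f.uri} {f.status}: {f.reason}")
```

Run it against the exported u_ex*.log files from the SharePoint web front ends; the authenticated ToolPane row in the sample is deliberately left unflagged so the rule does not fire on legitimate page editing.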

Affected Products (3)

Microsoft Office

  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Server 2019
  • Microsoft SharePoint Server Subscription Edition

Security Updates (5)

Acknowledgments

fb8a5048b1d8827e8ae96f410d40bf00cc313e3cc307da0df9e18099c9398b51, Anonymous, Viettel Cyber Security with Trend Zero Day Initiative

Revision History

  • 2025-07-20: Information published.
  • 2025-07-20: The security update is available for Microsoft SharePoint Server 2019. Microsoft strongly encourages customers running this version of SharePoint to install this update as soon as possible.
  • 2025-07-21: The security update is available for Microsoft SharePoint Server Subscription Edition. Microsoft strongly encourages customers running this version of SharePoint to install this update as soon as possible.
  • 2025-07-21: Added an FAQ and updated the CVSS score. This is an informational change only.
  • 2025-07-21: Added an acknowledgement. This is an informational change only.
  • 2025-07-22: Updated one or more CVSS scores for the affected products. This is an informational change only.
  • 2025-07-22: Updated CWE value. This is an informational change only.
  • 2025-07-24: Corrected the Download and Article links in the Security Updates table. This is an informational change only.
  • 2025-07-31: Updated the executive summary with current information. This is an informational change only.
  • 2025-07-31: Added an FAQ to explain that the security update KB for SharePoint Server 2016 applies to both Microsoft SharePoint Server 2016 and Microsoft SharePoint Enterprise Server 2016. This is an informational change only.