Earlier today, Microsoft published preliminary details on the SharePoint vulnerability that is being actively exploited by threat actors. Tracked as CVE-2025-53770, the flaw allows an unauthenticated remote attacker to execute arbitrary code on on-premises SharePoint servers.
Microsoft's Defender Vulnerability Management team reiterated that it is aware of the widespread exploitation and has issued detailed guidance on the flaws: their nature, severity and patch status. The guidance covers CVE-2025-49704 and CVE-2025-49706, which were already patched in July, as well as CVE-2025-53770 and CVE-2025-53771, for which patches are being released now:
| CVE | Type | CVSS v3.1 | Patch status |
|---|---|---|---|
| CVE-2025-49704 | Improper control of code generation → authenticated RCE | 8.8 (High) | Fixed in the 8 July 2025 security updates: Subscription Edition KB 5002768, SharePoint Server 2019 KB 5002741, SharePoint Server 2016 KB 5002744 (source: Microsoft Support) |
| CVE-2025-49706 | Improper authentication / spoofing | 6.3 (Medium) | Fixed in the same 8 July 2025 updates (KB 5002768 / 5002741 / 5002744) (source: Microsoft Support) |
| CVE-2025-53770 | Deserialization of untrusted data → unauthenticated RCE | 9.8 (Critical) | Emergency patch released for Subscription Edition (KB 5002768) and SharePoint Server 2019 (KB 5002754); the patch for SharePoint Server 2016 is still pending (source: Microsoft Security Response Center) |
| CVE-2025-53771 | Path traversal / spoofing | 6.3 (Medium) | Addressed by the same emergency updates as CVE-2025-53770 (SE KB 5002768, 2019 KB 5002754); SharePoint Server 2016 fix forthcoming (source: Microsoft Security Response Center) |
The company has also published a table summarising which SharePoint Server versions are affected by each of the four vulnerabilities:
| Product | CVE-2025-49704 | CVE-2025-49706 | CVE-2025-53770 | CVE-2025-53771 |
|---|---|---|---|---|
| SharePoint Server Subscription Edition | ✅ Affected | ✅ Affected | ✅ Affected | ✅ Affected |
| SharePoint Server 2019 | ✅ Affected | ✅ Affected | ✅ Affected | ✅ Affected |
| SharePoint Server 2016 | ✅ Affected | ✅ Affected | ✅ Affected | ✅ Affected |
| SharePoint Online | ❌ Not affected | ❌ Not affected | ❌ Not affected | ❌ Not affected |
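As an added example (not part of Microsoft's post or of this article), the PowerShell below reports which of the KB updates listed in the two tables are registered on a SharePoint server, so an administrator can confirm the patch status for the row that applies to their edition. It assumes that SharePoint updates are MSP patches recorded by Windows Installer under the per-machine `Products\<id>\Patches` registry keys with the KB number in `DisplayName`, and that the `Microsoft.SharePoint.PowerShell` snap-in is loadable for the informational farm-build line; the `$PatchMap` table and the function names are the example's own.

```powershell
# Added example, not from Microsoft's post: report which of the SharePoint security
# updates listed in the tables above are registered on this server.
# Assumption: SharePoint updates are MSP patches recorded by Windows Installer under
# the per-machine (S-1-5-18) Products\<id>\Patches keys, each with a DisplayName that
# includes the KB number. Run in an elevated PowerShell on the SharePoint server.

# KB numbers copied from the tables; $null = the article lists no fix for that row yet.
$PatchMap = [ordered]@{
    'SharePoint Server Subscription Edition' = @{ 'July 2025 (49704/49706)' = 'KB5002768'; 'Emergency (53770/53771)' = 'KB5002768' }
    'SharePoint Server 2019'                 = @{ 'July 2025 (49704/49706)' = 'KB5002741'; 'Emergency (53770/53771)' = 'KB5002754' }
    'SharePoint Server 2016'                 = @{ 'July 2025 (49704/49706)' = 'KB5002744'; 'Emergency (53770/53771)' = $null }
}

function Get-InstalledSharePointPatchNames {
    # Enumerate the DisplayName of every per-machine MSI patch whose name mentions SharePoint.
    $root = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products'
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ChildItem -Path (Join-Path $_.PSPath 'Patches') -ErrorAction SilentlyContinue } |
        ForEach-Object { (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).DisplayName } |
        Where-Object { $_ -and $_ -match 'SharePoint' }
}

function Get-KBStatus {
    # 'installed' if any registered patch name contains the KB; 'MISSING' otherwise.
    # A $null KB means the tables above list no fix for that edition yet.
    param([string]$KB, [string[]]$InstalledNames)
    if (-not $KB) { return 'no fix listed yet (watch MSRC)' }
    $hit = $InstalledNames | Where-Object { $_ -match [regex]::Escape($KB) }
    if ($hit) { 'installed' } else { 'MISSING' }
}

function Get-FarmBuild {
    # Informational only: the farm build tells you which edition row applies.
    # Assumption: the SharePoint snap-in is available on this server.
    try {
        Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop
        (Get-SPFarm).BuildVersion.ToString()
    } catch { 'unavailable (run on a SharePoint server as a farm administrator)' }
}

$installed = @(Get-InstalledSharePointPatchNames)
Write-Host "Farm build: $(Get-FarmBuild)"
Write-Host "SharePoint patches registered with Windows Installer: $($installed.Count)"
foreach ($edition in $PatchMap.Keys) {
    Write-Host "`n$edition"
    foreach ($entry in $PatchMap[$edition].GetEnumerator()) {
        $label = if ($entry.Value) { $entry.Value } else { '(none listed)' }
        Write-Host ("  {0,-26} {1,-14} {2}" -f $entry.Key, $label, (Get-KBStatus -KB $entry.Value -InstalledNames $installed))
    }
}
```

Run it elevated on every SharePoint server in the farm, not just one. Only the row matching your edition matters; the other editions' KBs will naturally show as MISSING. For SharePoint Server 2016 the emergency row reports that no fix is listed, which mirrors the table above rather than a detection failure, so that edition still needs the mitigations from Microsoft's guidance until its update ships.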
More details are available in the official blog post on Microsoft's Tech Community website.