CVE-2025-53771
Microsoft Office SharePoint Path Traversal Spoofing
Description
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
INFO
Published Date :
July 20, 2025, 11:15 p.m.
Last Modified :
Aug. 14, 2025, 5:29 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
Affected Products
The following products are affected by CVE-2025-53771
vulnerability.
Even if cvefeed.io
is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
CVSS Scores
Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|---|
CVSS 3.1 | MEDIUM | [email protected] |
Solution
- Apply latest security updates from Microsoft.
- Review and strengthen authentication configurations.
- Monitor network for suspicious activities.
Public PoC/Exploit Available at Github
CVE-2025-53771 has a 11 public
PoC/Exploit
available at Github.
Go to the Public Exploits
tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-53771
.
URL | Resource |
---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771 | Vendor Advisory |
https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/ | Press/Media Coverage |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-53771
is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-53771
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
CVE-2025-53770 - SharePoint
SharePoint 2025 RCE Exploitation GUI
Python Ruby
A comprehensive penetration testing framework with a modular architecture for security researchers, penetration testers, and ethical hackers.
Python Shell
Sharepoint ToolPane - PoC
sharepoint zeroday cve-2025-53770 cve-2025-53771
Python
#AI powered OSINT pipeline that automates the transformation of Google Dorks into actionable threat intelligence and structured STIX 2.1 reports.
Python Shell
Scans Windows IIS logs for signs of CVE-2025-53770 & CVE-2025-53771
PowerShell
None
PowerShell
A Python-based reconnaissance scanner for safely identifying potential exposure to SharePoint vulnerability CVE-2025-53770.
blueteam cve cve-2025-53770 infosec osint pentest reconnaissance security-tool sharepoint sharepoint-2016 vulnerability
Python
Honeypot for CVE-2025-53770 aka ToolShell
Python Shell YARA
Interviews and appearances in social media
SecDB - Security Feeds
cve security-feeds vulnerability
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-53771
vulnerability anywhere in the article.

-
nextron-systems.com
When Best Practices Aren’t Enough: UK Breaches Underscore the Importance of Compromise Assessments
Despite extensive guidance from national authorities, several prominent UK organizations have recently suffered significant cyber attacks. Incidents at Colt Technology Services, Marks & Spencer, and F ... Read more

-
AttackIQ
Emulating the Expedited Warlock Ransomware
Introduction Warlock is a ransomware strain operating under the Ransomware-as-a-Service (RaaS) model that emerged in June 2025, following an advertisement on the Russian Anonymous Marketplace (RAMP) w ... Read more

-
TheCyberThrone
Microst Restricts MAPP with China
The summer of 2025 brought a seismic shift in the way Microsoft engages with the global cybersecurity community. At the heart of the story: a wave of massive attacks against on-premises SharePoint ser ... Read more

-
Trend Micro
Warlock: From SharePoint Vulnerability Exploit to Enterprise Ransomware
Key takeaways Warlock ransomware operators exploited vulnerable Microsoft SharePoint servers, using targeted HTTP POST requests to upload web shells, enabling reconnaissance and credential theft. More ... Read more

-
The Cyber Express
Qilin Remains Top Ransomware Group as Attacks Rise
Qilin continues to stake a claim as the top ransomware group in the wake of the decline of RansomHub earlier this year. In July, Qilin led all ransomware groups in claimed victims for the third time i ... Read more

-
CybersecurityNews
Qilin Ransomware Leads The Attack Landscape With 70+ Claimed Victims in July
The ransomware threat landscape witnessed a concerning surge in July 2025, with the Qilin ransomware group maintaining its dominant position for the third time in four months. The group successfully c ... Read more

-
Help Net Security
Microsoft fixes “BadSuccessor” Kerberos vulnerability (CVE-2025-53779)
For August 2025 Patch Tuesday, Microsoft has released security updates resolving 100+ security vulnerabilities in its various solutions, including a relative path traversal flaw in Windows Kerberos (C ... Read more

-
Help Net Security
August 2025 Patch Tuesday forecast: Try, try, again
July turned into a surprisingly busy month. It started slowly with a fairly ‘calm’ Patch Tuesday as I forecasted in my last blog. Although there were 130 new CVEs addressed across all the Microsoft re ... Read more

-
The Register
CISA releases malware analysis for Sharepoint Server attack
CISA has published a malware analysis report with compromise indicators and Sigma rules for "ToolShell" attacks targeting specific Microsoft SharePoint Server versions. "Cyber threat actors have chain ... Read more

-
security.nl
VS deelt informatie over malware aangetroffen bij SharePoint-aanvallen
Het Amerikaanse cyberagentschap CISA heeft informatie gedeeld over malware die bij recente aanvallen tegen Microsoft SharePoint-servers is aangetroffen. Met de informatie kunnen organisaties kijken of ... Read more

-
Daily CyberSecurity
CISA Warns of “ToolShell”: Critical Exploit Chain Hits SharePoint Servers, Bypasses Authentication
The Cybersecurity and Infrastructure Security Agency (CISA) has released an in-depth Malware Analysis Report warning of a sophisticated exploitation campaign targeting on-premises Microsoft SharePoint ... Read more

-
CybersecurityNews
Chinese Hackers Exploit SharePoint Vulnerabilities to Deploy Toolsets Includes Backdoor, Ransomware and Loaders
A sophisticated Chinese threat actor has been exploiting critical vulnerabilities in Microsoft SharePoint to deploy an advanced malware toolset dubbed “Project AK47,” according to new research publish ... Read more
-
CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation
Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more
-
CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation
Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more
-
CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation
Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more
-
CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation
Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more

-
BleepingComputer
Ransomware gangs join attacks targeting Microsoft SharePoint servers
Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader exploitation campaign that has already led to the breach of at least 148 o ... Read more
-
CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation
Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more
-
CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation
Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more
-
CrowdStrike.com
CrowdStrike Detects and Blocks Initial SharePoint Zero-Day Exploitation
Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon® Complete Next-Gen MDR and CrowdStrike Falcon® Adversary OverWatch™ identified a wave of Microsoft SharePoint exploitation att ... Read more
The following table lists the changes that have been made to the
CVE-2025-53771
vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Aug. 14, 2025
Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:* *cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* *cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:* versions up to (excluding) 16.0.18526.20508 Added Reference Type Microsoft Corporation: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771 Types: Vendor Advisory Added Reference Type CVE: https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/ Types: Press/Media Coverage -
CVE Modified by [email protected]
Jul. 31, 2025
Action Type Old Value New Value Changed Description Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. -
CVE Modified by [email protected]
Jul. 22, 2025
Action Type Old Value New Value Changed Description Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Removed CVSS V3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N Added CWE CWE-287 Removed CWE CWE-22 Removed CWE CWE-20 Removed CWE CWE-707 -
CVE Modified by [email protected]
Jul. 21, 2025
Action Type Old Value New Value Added CVSS V3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N Removed CVSS V3.1 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Jul. 21, 2025
Action Type Old Value New Value Added Reference https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/ -
New CVE Received by [email protected]
Jul. 20, 2025
Action Type Old Value New Value Added Description Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. Added CVSS V3.1 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N Added CWE CWE-22 Added CWE CWE-20 Added CWE CWE-707 Added Reference https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771