CVE-2025-3770
Linux Debian vulnerability analysis and mitigation

Overview

A critical vulnerability (CVE-2025-53770) has been identified in on-premises Microsoft SharePoint Server that allows unauthorized attackers to execute code over a network through deserialization of untrusted data. The vulnerability was discovered and disclosed on July 19, 2025, affecting multiple versions of SharePoint Server including SharePoint Server 2019, SharePoint Server 2016 Enterprise, and SharePoint Server Subscription Edition versions up to 16.0.18526.20508. Microsoft has confirmed that this vulnerability is actively being exploited in the wild (Microsoft Advisory).

Technical details

The vulnerability is classified as a deserialization of untrusted data issue (CWE-502) with a CVSS v3.1 base score of 9.8 (CRITICAL), reflecting high impact to confidentiality, integrity, and availability. The attack vector is network-based (AV:N) with low attack complexity (AC:L), and exploitation requires no privileges (PR:N) and no user interaction (UI:N) (Microsoft Advisory).

Impact

The exploitation of this vulnerability allows attackers to execute arbitrary code with system privileges on affected SharePoint servers. This can lead to complete system compromise, potentially affecting data confidentiality, integrity, and availability of the SharePoint infrastructure (CISA Alert).

Mitigation and workarounds

Microsoft has released interim mitigation guidance while it prepares a comprehensive patch. CISA recommends disconnecting public-facing versions of SharePoint Server that have reached EOL/EOS, including SharePoint Server 2013 and earlier versions. For supported versions, organizations should configure AMSI integration in SharePoint and deploy Defender AV on all SharePoint servers (CISA Alert, Microsoft Blog).
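The affected-version and mitigation guidance above can be applied to a server inventory as in the following added example, which is not code from Microsoft, CISA or this report. The CSV columns, hostnames, sample builds and action labels are constructed for illustration, and the build bound is read as applying to Subscription Edition only.

```python
import csv
import io

# Highest affected Subscription Edition build quoted in the overview above.
SE_MAX_AFFECTED = (16, 0, 18526, 20508)
EOL_PRODUCTS = {"2007", "2010", "2013"}  # "SharePoint Server 2013 and earlier"

# Constructed sample inventory: hostnames and builds are illustrative only.
SAMPLE_INVENTORY = """\
host,product,build,internet_facing
sp-se-01,Subscription Edition,16.0.18526.20424,yes
sp-se-02,Subscription Edition,16.0.18526.20600,no
sp-se-03,Subscription Edition,16.0.9999.100,no
sp-19-01,2019,16.0.10000.1,yes
sp-13-01,2013,15.0.5000.1,yes
sp-10-01,2010,14.0.7000.1,no
"""

def parse_build(text):
    """Turn '16.0.18526.20508' into an int tuple so builds compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))

def triage(row):
    """Map one inventory row to a (hypothetical) action label from the guidance."""
    product = row["product"].strip()
    exposed = row["internet_facing"].strip().lower() == "yes"
    if product in EOL_PRODUCTS:
        return "disconnect" if exposed else "eol-not-exposed"
    if product == "Subscription Edition":
        # String comparison would rank '9999' above '18526'; tuples do not.
        if parse_build(row["build"]) > SE_MAX_AFFECTED:
            return "above-listed-range"
        return "mitigate"  # configure AMSI integration, deploy Defender AV
    if product in ("2016", "2019"):
        return "mitigate"  # the report gives no build bound for these editions
    return "unknown-product"

def triage_inventory(csv_text):
    """Return {host: action} for every row of the CSV text."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["host"]: triage(row) for row in reader}

if __name__ == "__main__":
    for host, action in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:10} {action}")
```

A host labelled `above-listed-range` is only outside the range this report lists; whether that build is fixed has to be confirmed against the Microsoft advisory.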

Community reactions

The security community has responded with significant concern to this vulnerability, particularly due to its high severity rating and active exploitation. Security researchers and organizations worldwide are tracking the exploitation attempts, with Shadowserver Foundation providing regular updates on the attack patterns (Shadowserver). The vulnerability has garnered extensive media coverage, highlighting the urgency of implementing mitigations (Forbes, Ars Technica).

This report was generated using AI
