Vulnerability DatabaseCVE-2025-3770

CVE-2025-3770:
CBL Mariner vulnerability analysis and mitigation

Overview

A critical vulnerability (CVE-2025-53770) was discovered in on-premises Microsoft SharePoint Server, involving deserialization of untrusted data that allows unauthorized attackers to execute code over a network. The vulnerability was initially disclosed on July 19, 2025, and affects SharePoint Server 2016, 2019, and Subscription Edition. Microsoft confirmed active exploitation in the wild, assigning it a CVSS score of 9.8 (Critical) (Microsoft Update Guide).

Technical details

The vulnerability (CVE-2025-53770) is classified as a deserialization of untrusted data issue (CWE-502). It received a CVSS v3.1 base score of 9.8 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, no privileges required, and high impact on confidentiality, integrity, and availability (Microsoft Update Guide, MSRC Blog).

Impact

The vulnerability enables unauthorized attackers to execute arbitrary code over a network, potentially leading to complete system compromise. The high severity rating indicates significant risks to confidentiality, integrity, and availability of affected SharePoint servers. SharePoint Online in Microsoft 365 is not impacted by this vulnerability (MSRC Blog).

Mitigation and workarounds

Microsoft has released security updates for all affected versions of SharePoint Server. Organizations are advised to immediately apply these updates and implement several mitigations: configure Antimalware Scan Interface (AMSI) integration in SharePoint, deploy Microsoft Defender Antivirus on all SharePoint servers, rotate SharePoint Server ASP.NET machine keys, and restart IIS on all SharePoint servers. If AMSI cannot be enabled, organizations should consider disconnecting affected servers from the Internet until patches are applied (MSRC Blog).

Community reactions

The security community has expressed significant concern over the active exploitation of this vulnerability. Discussions on platforms like Hacker News and social media highlight the critical nature of the threat and the urgency of applying patches. Security researchers have actively shared detection methods and hunting techniques to help organizations identify potential compromises (Hacker News, Dark Reading).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a Wiz customer? See which CVEs are exploitable in your environment.

Get a CVE Assessment

7

Score

Published August 7, 2025

Severity HIGH

CNA Score 7.0

Affected Technologies

CBL Mariner
Linux Debian

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 4.6

Exploitation Probability (EPSS) N/A

Affected packages and libraries

edk2-ovmf
edk2-tools

Sources

NVD
CBL-Mariner
- CBL-Mariner 3.0 Severity MEDIUMHas FixAdded at: Sep 05, 2025
Debian Security Tracker
- Debian 11 Severity HIGHNo FixAdded at: Aug 10, 2025
- Debian 12, 13 Severity MEDIUMNo FixAdded at: Aug 10, 2025
- Debian 14 Severity HIGHHas FixAdded at: Aug 10, 2025

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related CBL Mariner vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-58063	HIGH	7.1	CBL Mariner	github.com/coredns/coredns	No	Yes	Sep 09, 2025
CVE-2025-9165	MEDIUM	4.8	NixOS	libtiff6-32bit	No	Yes	Aug 19, 2025
CVE-2025-8851	MEDIUM	4.8	NixOS	mingw32-libtiff-static	No	Yes	Aug 11, 2025
CVE-2025-8837	MEDIUM	4.8	NixOS	libjasper4	No	Yes	Aug 11, 2025
CVE-2025-38676	N/A	N/A	Linux Kernel	kernel-rt-debug-modules	No	Yes	Aug 26, 2025