PT-2025-30222 · Microsoft · Sharepoint Server
Published
2025-07-20
·
Updated
2026-02-17
·
CVE-2025-53771
CVSS v2.0
7.5
High
| AV:N/AC:L/Au:S/C:C/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Microsoft Office SharePoint Server (affected versions not specified)
Description
The issue involves improper authentication and path traversal in Microsoft Office SharePoint Server, allowing an unauthorized attacker to perform spoofing over a network. The vulnerability is actively being exploited, with reports indicating more than 400 compromised systems globally. Exploitation can lead to credential theft and privileged access. The vulnerability is a patch bypass, meaning systems may still be vulnerable even after applying previous fixes. A key indicator of exploitation is a network request to the /_layouts/15/ToolPane.aspx endpoint. The vulnerability allows remote code execution (RCE) through the ToolPane.aspx page by sending a specially crafted POST request with DisplayMode=Edit, potentially leading to full server compromise, including web shell installation and system control.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
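The exploitation indicator given in the Description (a POST to /_layouts/15/ToolPane.aspx carrying DisplayMode=Edit) can be checked against IIS access logs. The following is an added example, not code from the advisory or from Microsoft, that parses IIS W3C extended log lines and returns the matching requests. The log lines, the #Fields column list, and the assumption that the endpoint may also appear under a site-collection prefix (e.g. /sites/<name>/_layouts/15/ToolPane.aspx) are the example's own.

```python
"""Flag IIS W3C log entries matching the ToolPane.aspx exploitation indicator.

Added example; the log content below is constructed for illustration and is not
real traffic. The #Fields line is a typical IIS W3C configuration (assumption).
"""
from urllib.parse import parse_qs, unquote

# Matched case-insensitively against the end of the decoded cs-uri-stem, so that
# site-collection paths such as /sites/hr/_layouts/15/ToolPane.aspx also match
# (assumption about deployment layout, not something the advisory states).
TOOLPANE_SUFFIX = "/_layouts/15/toolpane.aspx"

SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status
2025-07-19 02:11:04 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit 443 - 203.0.113.7 Mozilla/5.0 - 200
2025-07-19 02:11:09 10.0.0.5 GET /_layouts/15/start.aspx - 443 CORP\\alice 10.0.0.22 Mozilla/5.0 - 200
2025-07-19 02:11:12 10.0.0.5 POST /sites/hr/_layouts/15/toolpane.aspx displaymode=edit 443 - 203.0.113.7 python-requests/2.31 - 200
2025-07-19 02:12:01 10.0.0.5 GET /_layouts/15/ToolPane.aspx DisplayMode=Edit 443 CORP\\bob 10.0.0.31 Mozilla/5.0 - 200
2025-07-19 02:12:40 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Display 443 - 198.51.100.9 curl/8.0 - 200
"""


def parse_iis_log(text):
    """Parse IIS W3C extended log text into dicts keyed by the names in #Fields."""
    fields = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#"):
            continue  # #Software, #Version, #Date directives carry no entries
        if fields is None:
            raise ValueError("log entry seen before a #Fields header")
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed line: skip rather than misalign the columns
        entries.append(dict(zip(fields, values)))
    return entries


def is_toolpane_edit_post(entry):
    """True when the entry is a POST to ToolPane.aspx with DisplayMode=Edit in the query."""
    if entry.get("cs-method", "").upper() != "POST":
        return False
    stem = unquote(entry.get("cs-uri-stem", "")).lower()
    if not stem.endswith(TOOLPANE_SUFFIX):
        return False
    query = entry.get("cs-uri-query", "-")
    if query == "-":
        return False  # IIS writes "-" for an empty query string
    params = parse_qs(query.lower(), keep_blank_values=True)
    return "edit" in params.get("displaymode", [])


def find_toolpane_hits(text):
    """Return (client_ip, username, query) for every matching entry.

    A cs-username of "-" means IIS saw no authenticated user, which is the
    stronger signal for this indicator.
    """
    return [
        (e["c-ip"], e["cs-username"], e["cs-uri-query"])
        for e in parse_iis_log(text)
        if is_toolpane_edit_post(e)
    ]


if __name__ == "__main__":
    for ip, user, query in find_toolpane_hits(SAMPLE_LOG):
        print(f"ToolPane.aspx edit-mode POST from {ip} (user={user}) query={query}")
```

Matching is case-insensitive on the method, path and parameter because IIS records the request as sent and the advisory's indicator is the endpoint and parameter, not a particular casing. Authenticated users editing a page can legitimately reach ToolPane.aspx in edit mode, so hits with a real cs-username deserve correlation with the user and referer before being treated as exploitation, while an unauthenticated hit (cs-username "-") is the one to escalate.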
Improper Authentication
Improper Neutralization
RCE
Path traversal
Related Identifiers
Affected Products
Sharepoint Server