PT-2025-30222 · Microsoft · Sharepoint Server

Published 2025-07-20 · Updated 2026-02-03 · CVE-2025-53771

CVSS v2.0: 7.5
Vector: AV:N/AC:L/Au:S/C:C/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Microsoft Office SharePoint Server (affected versions not specified)
Description: The issue involves improper authentication and path traversal in Microsoft Office SharePoint Server. It allows an unauthenticated attacker to perform spoofing over a network. The vulnerability is actively being exploited, with reports indicating approximately 400+ compromised systems globally. Exploitation can lead to credential theft and privileged access. Because the vulnerability is a patch bypass, systems may still be vulnerable even after applying previous fixes. A key indicator of exploitation is network requests to the /_layouts/15/ToolPane.aspx endpoint. The vulnerability allows remote code execution (RCE) through the ToolPane.aspx page by sending a specially crafted POST request with DisplayMode=Edit, potentially leading to full server compromise, including web shell installation and system control.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
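As an added detection example (not part of this advisory), the following Python scans IIS W3C log lines for the exploitation indicator given in the description: POST requests to /_layouts/15/ToolPane.aspx carrying DisplayMode=Edit. The log lines are constructed samples, and the check matches the path and query key case-insensitively so that casing variants are not missed.

```python
from urllib.parse import parse_qs

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status
2025-07-19 02:14:07 10.0.0.5 GET /_layouts/15/start.aspx - 443 DOMAIN\\alice 10.0.0.21 200
2025-07-19 02:14:09 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit&foo=bar 443 - 198.51.100.7 200
2025-07-19 02:14:11 10.0.0.5 POST /_layouts/15/toolpane.aspx displaymode=edit 443 - 198.51.100.7 200
2025-07-19 02:15:30 10.0.0.5 GET /_layouts/15/ToolPane.aspx DisplayMode=Edit 443 DOMAIN\\bob 10.0.0.33 200
"""

# Lower-cased suffix of the endpoint named in the advisory.
TOOLPANE = "/_layouts/15/toolpane.aspx"

def parse_iis_log(text):
    """Yield one dict per request line, using the #Fields header for column names."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split()
        if len(values) == len(fields):
            yield dict(zip(fields, values))

def is_toolpane_edit_post(entry):
    """True when the request matches the advisory's indicator:
    a POST to ToolPane.aspx whose query string carries DisplayMode=Edit."""
    if entry.get("cs-method", "").upper() != "POST":
        return False
    if not entry.get("cs-uri-stem", "").lower().endswith(TOOLPANE):
        return False
    # IIS logs '-' for an empty query; parse_qs simply yields no keys for it.
    query = parse_qs(entry.get("cs-uri-query", ""))
    lowered = {k.lower(): [v.lower() for v in vs] for k, vs in query.items()}
    return "edit" in lowered.get("displaymode", [])

def find_suspicious(text):
    """Return (client IP, URI stem, query) for each request matching the indicator."""
    return [(e["c-ip"], e["cs-uri-stem"], e["cs-uri-query"])
            for e in parse_iis_log(text) if is_toolpane_edit_post(e)]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print("possible CVE-2025-53771 exploitation attempt:", hit)
```

A GET to the same page with DisplayMode=Edit (normal editing traffic from an authenticated user) is deliberately not flagged, so review the matched client IPs against the sc-status and cs-username columns before escalating.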

Improper Authentication

Improper Neutralization

RCE

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2025-08787
CVE-2025-53771
ZDI-25-652

Affected Products

Sharepoint Server