PT-2025-30160 · Microsoft · SharePoint Server

Published 2025-07-19 · Updated 2026-05-01 · CVE-2025-53770

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server (affected versions not specified)

Description

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. The issue occurs due to a flaw in the deserialization mechanism, enabling an unauthenticated attacker with network access to upload a serialized .NET object for subsequent execution. This flaw has been exploited in the wild, with reports indicating approximately 400 organizations were affected by zero-day attacks linked to Chinese actors.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

LPE

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

BDU:2025-08714
CVE-2025-53770
ZDI-25-653

Affected Products

SharePoint Server