CVE-2025-53771

Published: 20 Jul 2025
Source: msrc
CVSS3: 6.5
EPSS: Medium

Description

Microsoft SharePoint Server Spoofing Vulnerability

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

FAQ

Are the two new CVEs that were released related to the two SharePoint vulnerabilities that were documented by CVE-2025-49704 and CVE-2025-49706?

Yes, the update for CVE-2025-53770 includes more robust protections than the update for CVE-2025-49704. The update for CVE-2025-53771 includes more robust protections than the update for CVE-2025-49706.

There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?

Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.

I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?

Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.

Updates

Product | Article | Update
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Microsoft SharePoint Server Subscription Edition

Exploitability

Publicly Disclosed: No
Exploited: No
Latest Software Release: Exploitation Less Likely

EPSS

Percentile: 97%
0.37904
Medium

CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 6.5
nvd
4 months ago

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

CVSS3: 6.3
github
4 months ago

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVSS3: 7.1
fstec
4 months ago

Vulnerability in the Microsoft SharePoint Server and SharePoint Enterprise Server software packages, related to improper limitation of a pathname to a restricted directory, allowing an attacker to carry out spoofing attacks

CVSS3: 9.8
msrc
4 months ago

Microsoft SharePoint Server Remote Code Execution Vulnerability
