This week's Patch Wednesday addresses two significant zero-day vulnerabilities discovered in Microsoft SharePoint Server: CVE-2025-53770 and CVE-2025-53771. These vulnerabilities pose a severe risk, as they could permit remote code execution (RCE) on affected SharePoint servers, placing sensitive organizational data in jeopardy.
Given the critical nature of these flaws and evidence of active exploitation, it is imperative that organizations assess their systems and apply the necessary patches immediately.
Vulnerability Breakdown
Microsoft has released security updates to address these two distinct vulnerabilities.
- CVE-2025-53770: Remote Code Execution
- Severity: Critical
- CVSS Score: 9.8
- Summary: This vulnerability stems from the deserialization of untrusted data, which allows an unauthorized attacker to execute code over a network. Microsoft has confirmed that an exploit for this vulnerability exists in the wild, elevating the urgency for remediation.
- CVE-2025-53771: Path Traversal
- Severity: High
- CVSS Score: 7.1
- Summary: This vulnerability involves an improper limitation of a pathname, allowing an authorized attacker to perform spoofing over a network.
Affected SharePoint Versions
The following on-premise versions of Microsoft SharePoint are affected:
- SharePoint 2016
- SharePoint 2019
- SharePoint Subscription Edition
Action Required: Mitigation and Patches
To protect your environment, you must deploy the official patches released by Microsoft.
Official Patches:
Important Note: These updates may not be available immediately through the standard Windows Update service. Therefore, manual installation is strongly recommended to ensure your servers are protected without delay. For automated enforcement, you can use the SecOps Solution platform.
Patch Deployment using SecOps Solution
Manual Patch Deployment Guide
Follow these steps to manually secure your servers:
- Download the Patches:
- Download the executable files for KB5002754 and, if needed, KB5002753.
- Ensure you download the correct file for your system’s specific architecture and build version.
- Deploy on Server:
- Copy the .exe files to the target SharePoint Server.
- Run the installers by double-clicking each .exe file. Follow the on-screen prompts to complete the installation.
- Reboot System:
- If prompted, reboot the server to complete the patch process. Perform the reboot securely to avoid any potential system corruption.
Post-Installation Validation
After the installation and reboot are complete, verify that the patches were applied successfully:
- Navigate to Control Panel → Programs → Programs and Features.
- Click on View Installed Updates.
- Confirm that both KB5002754 and KB5002753 (if used) appear in the list.
Stay vigilant and ensure your systems are patched to defend against these active threats.
Important Note:
- There are several key things to remember while deploying a patch. It is crucial to download the correct patch file that has been released for your system’s architecture, Operating System, and Build Version
- It is crucial that you follow the right process or supply the correct commands while installing the patch
- Understand if the patch requires a reboot of the system or not. If yes make sure to perform a reboot securely to avoid system corruption
SecOps Solution is a Full-stack Patch and Vulnerability Management Platform that helps organizations identify, prioritize, and remediate security vulnerabilities and misconfigurations in seconds.
To learn more, get in touch.
