cnvd-2025-16684
Vulnerability from cnvd
Title
Microsoft SharePoint Server远程代码执行漏洞
Description
SharePoint Server是微软提供的本地部署的企业协作平台,支持内容共享、知识管理和应用整合,可与 Microsoft 365订阅无缝对接以获取最新功能。 Microsoft SharePoint Server存在远程代码执行漏洞,漏洞源于本地部署的Microsoft SharePoint Server在处理不可信数据时存在反序列化缺陷,未经授权的攻击者可利用漏洞通过网络执行代码。
Severity
Patch Name
Microsoft SharePoint Server远程代码执行漏洞的补丁
Patch Description
SharePoint Server是微软提供的本地部署的企业协作平台,支持内容共享、知识管理和应用整合,可与 Microsoft 365订阅无缝对接以获取最新功能。 Microsoft SharePoint Server存在远程代码执行漏洞,漏洞源于本地部署的Microsoft SharePoint Server在处理不可信数据时存在反序列化缺陷,未经授权的攻击者可利用漏洞通过网络执行代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770

Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-53770
Impacted products
Name
['Microsoft SharePoint Enterprise Server 2016', 'Microsoft SharePoint Server 2019', 'Microsoft SharePoint Server <16.0.18526.20508']
Show details on source website

To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-53770"
    }
  },
  "description": "SharePoint Server\u662f\u5fae\u8f6f\u63d0\u4f9b\u7684\u672c\u5730\u90e8\u7f72\u7684\u4f01\u4e1a\u534f\u4f5c\u5e73\u53f0\uff0c\u652f\u6301\u5185\u5bb9\u5171\u4eab\u3001\u77e5\u8bc6\u7ba1\u7406\u548c\u5e94\u7528\u6574\u5408\uff0c\u53ef\u4e0e Microsoft 365\u8ba2\u9605\u65e0\u7f1d\u5bf9\u63a5\u4ee5\u83b7\u53d6\u6700\u65b0\u529f\u80fd\u3002\n\nMicrosoft SharePoint Server\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u6f0f\u6d1e\u6e90\u4e8e\u672c\u5730\u90e8\u7f72\u7684Microsoft SharePoint Server\u5728\u5904\u7406\u4e0d\u53ef\u4fe1\u6570\u636e\u65f6\u5b58\u5728\u53cd\u5e8f\u5217\u5316\u7f3a\u9677\uff0c\u672a\u7ecf\u6388\u6743\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u7f51\u7edc\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-16684",
  "openTime": "2025-07-23",
  "patchDescription": "SharePoint Server\u662f\u5fae\u8f6f\u63d0\u4f9b\u7684\u672c\u5730\u90e8\u7f72\u7684\u4f01\u4e1a\u534f\u4f5c\u5e73\u53f0\uff0c\u652f\u6301\u5185\u5bb9\u5171\u4eab\u3001\u77e5\u8bc6\u7ba1\u7406\u548c\u5e94\u7528\u6574\u5408\uff0c\u53ef\u4e0e Microsoft 365\u8ba2\u9605\u65e0\u7f1d\u5bf9\u63a5\u4ee5\u83b7\u53d6\u6700\u65b0\u529f\u80fd\u3002\r\n\r\nMicrosoft SharePoint Server\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u6f0f\u6d1e\u6e90\u4e8e\u672c\u5730\u90e8\u7f72\u7684Microsoft SharePoint Server\u5728\u5904\u7406\u4e0d\u53ef\u4fe1\u6570\u636e\u65f6\u5b58\u5728\u53cd\u5e8f\u5217\u5316\u7f3a\u9677\uff0c\u672a\u7ecf\u6388\u6743\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u7f51\u7edc\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft SharePoint Server\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft SharePoint Enterprise Server 2016",
      "Microsoft SharePoint Server 2019",
      "Microsoft SharePoint Server \u003c16.0.18526.20508"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-53770",
  "serverity": "\u9ad8",
  "submitTime": "2025-07-23",
  "title": "Microsoft SharePoint Server\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.