CVE-2025-53771

ENISA EUVD: EUVD-2025-22040 ↗

✓ Confirmed 0-Day

Triaged: March 5, 2026 11 articles Published: 2025-07-20

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗

EPSS Score

Source: FIRST.org · 2026-05-23

44.97%

probability

This CVE has a 44.97% probability of being exploited in the next 30 days.

0% Top 97.6th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

6.5

MEDIUM

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Temporal

Exploit Code Maturity

Proof-of-Concept

Remediation Level

Official Fix

Report Confidence

Confirmed

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

Description

NVD

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Affected Products

Microsoft

Microsoft SharePoint Enterprise Server 2016

16.0.0

Microsoft

Microsoft SharePoint Server 2019

16.0.0

Microsoft

Microsoft SharePoint Server Subscription Edition

16.0.0

microsoft

sharepoint server

Microsoft

Microsoft SharePoint Enterprise Server 2016

N/A

Microsoft

Microsoft SharePoint Server 2019

16.0.0 <16.0.10417.20037

Microsoft

Microsoft SharePoint Server Subscription Edition

16.0.0 <16.0.18526.20508

Microsoft

Microsoft SharePoint Server 2019

N/A

Microsoft

Microsoft SharePoint Enterprise Server 2016

16.0.0 <16.0.5513.1001

Attack Intelligence

CWE-284 · Improper Access Control CWE-287 · Improper Authentication

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771

vendor-advisory patch

Signal Intelligence

Confidenceⓘ

85%

EPSS 44.97%

CVSS v3.1 6.5

Mentions 11

Last Seen Jul 24, 2025

CNA Information

CNA Assigner

microsoft

CNA Title

Microsoft SharePoint Server Spoofing Vulnerability

Analyst Note

Article [2] explicitly states 'Microsoft SharePoint zero-day exploited in RCE attacks, no patch available,' confirming active exploitation before patch availability. Article [1] references emergency patches for exploited SharePoint RCE flaws. The 2025 CVE date with concurrent exploitation reports and explicit zero-day language in authoritative sources meets confirmation criteria.