Exploits

Microsoft SharePoint 2019 RCE Flaw (CVE-2025-53770)

Published  ·  2 min read

Security researcher Agampreet Singh has disclosed a critical vulnerability in Microsoft SharePoint Server 2019 (build 16.0.10383.20020). Tracked as CVE-2025-53770, this flaw has been rated critical because it enables unauthenticated Remote Code Execution (RCE).

The vulnerability stems from unsafe deserialization in SharePoint’s ToolPane.aspx page, specifically through the Scorecard:ExcelDataSet control. By manipulating the way SharePoint processes compressed payloads, attackers can execute arbitrary code on the target server — without needing valid login credentials.

Why This Matters

If exploited, this vulnerability allows attackers to:

  1. Gain full remote access to the underlying Windows Server
  2. Deploy webshells or malware for persistence
  3. Steal or alter sensitive business data
  4. Move laterally within enterprise networks

Since SharePoint is widely used for collaboration and document management, this vulnerability poses significant risks to enterprises of all sizes.

Who Is Affected?

  1. Version: SharePoint Server 2019 (16.0.10383.20020)
  2. Tested On: Windows Server 2019 (x64)
  3. Exposure: Any organization running unpatched SharePoint servers accessible over the internet

Recommended Mitigations

  1. Apply Security Updates – Microsoft is expected to release or has released patches addressing this vulnerability. Always stay current with official updates.
  2. Restrict External Access – Limit SharePoint’s accessibility from the internet, and place it behind a VPN or reverse proxy where possible.
  3. Monitor Logs – Watch for suspicious requests targeting /ToolPane.aspx.
  4. Harden Permissions – Run SharePoint with the least privileges required.
  5. Incident Response – If compromise is suspected, investigate for uploaded payloads or unusual process activity.

The CVE-2025-53770 SharePoint RCE vulnerability underscores how critical collaboration tools can become prime attack targets. Organizations relying on SharePoint must prioritize patching and ensure robust access controls.

By combining updates, monitoring, and restricted exposure, enterprises can significantly reduce the risk of exploitation.

More: https://www.exploit-db.com/exploits/52405

Professional Services

Explore Our Cybersecurity Services

Our insights are backed by hands-on service delivery. If your business needs professional cybersecurity support, our UK-based specialists are ready to help.

© 2016 – 2026 Red Secure Tech Ltd. Registered in England and Wales — Company No: 15581067