# CVE-2025-53770

> Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.

- **CVSS:** 9.8 (CRITICAL)
- **EPSS:** 90.0%
- **CISA KEV:** yes (known ransomware use)
- **CWE:** CWE-502

Canonical: https://intel.threadlinqs.com/cve/CVE-2025-53770
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp