CISA Adds Critical SharePoint Vulnerability CVE-2025-53770 to Exploited Vulnerabilities Catalog

TL;DR

The Cybersecurity and Infrastructure Security Agency (CISA) recently added a critical vulnerability, CVE-2025-53770, to its Known Exploited Vulnerabilities Catalog. This Microsoft SharePoint Server Remote Code Execution Vulnerability poses significant risks to the federal enterprise. Organizations are urged to prioritize remediation to protect against active threats.

Introduction

The Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability, CVE-2025-53770, to its Known Exploited Vulnerabilities Catalog. This vulnerability, known as “ToolShell,” affects Microsoft SharePoint Server and allows for remote code execution, posing significant risks to federal and private sector organizations.

CVE-2025-53770: ToolShell Vulnerability

The vulnerability, CVE-2025-53770, is a critical Microsoft SharePoint Server Remote Code Execution Vulnerability. It has been actively exploited by malicious actors, making it a high-priority concern for cybersecurity professionals.

For more details, refer to CISA’s alert: Microsoft Releases Guidance on Exploitation of SharePoint Vulnerability (CVE-2025-53770)¹.

Impact and Mitigation

Vulnerabilities like CVE-2025-53770 are common attack vectors for cyber threats and pose substantial risks to the federal enterprise. To mitigate these risks, CISA established the Known Exploited Vulnerabilities Catalog through Binding Operational Directive (BOD) 22-01. This directive mandates that Federal Civilian Executive Branch (FCEB) agencies remediate identified vulnerabilities by the specified due date².

For more information, see the BOD 22-01 Fact Sheet³.

Recommendations

Although BOD 22-01 applies to FCEB agencies, CISA strongly recommends that all organizations prioritize the timely remediation of vulnerabilities listed in the Catalog⁴ to reduce their exposure to cyberattacks. CISA will continue to update the catalog with vulnerabilities that meet the specified criteria⁵.

Conclusion

The addition of CVE-2025-53770 to CISA’s Known Exploited Vulnerabilities Catalog underscores the critical importance of proactive vulnerability management. Organizations must stay vigilant and take immediate action to mitigate such threats, ensuring the security and integrity of their systems.

Additional Resources

For further insights, check:

• CISA Known Exploited Vulnerabilities Catalog⁶
• CISA Alerts⁷

References

1. (2025). “Microsoft Releases Guidance on Exploitation of SharePoint Vulnerability (CVE-2025-53770)”. CISA. Retrieved 2025-07-20. ↩︎

2. (2021). “Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities”. CISA. Retrieved 2025-07-20. ↩︎

3. (2021). “BOD 22-01 Fact Sheet”. CISA. Retrieved 2025-07-20. ↩︎

4. (2025). “Catalog vulnerabilities”. CISA. Retrieved 2025-07-20. ↩︎

5. (2025). “specified criteria”. CISA. Retrieved 2025-07-20. ↩︎

6. (2025). “CISA Known Exploited Vulnerabilities Catalog”. CISA. Retrieved 2025-07-20. ↩︎

7. (2025). “CISA Alerts”. CISA. Retrieved 2025-07-20. ↩︎