Active exploitation of vulnerability affecting Microsoft Office SharePoint Server products in the UK

Release date
21 July 2025
Alert rating
HIGH

Description

The NCSC is encouraging UK organisations to take immediate action to mitigate a vulnerability (CVE-2025-53770) affecting Microsoft SharePoint Server products.

Audience

Small & medium sized organisations, Public sector, Large organisations, Cyber security professionals

Current update

Microsoft has published a security advisory detailing a vulnerability affecting on-premises SharePoint Server instances.

This vulnerability allows an attacker to remotely execute arbitrary code via the deserialisation of untrusted data. A separate vulnerability, CVE-2025-53771, allows this attack to be performed while bypassing authentication.

Microsoft and the NCSC are aware that an exploit for this vulnerability exists in the wild and have observed active attacks targeting on-premises SharePoint Server customers, including a limited number in the UK.

Organisations using the following on-premises SharePoint products are affected:

  • Microsoft SharePoint Server Subscription Edition
  • Microsoft SharePoint Server 2019
  • Microsoft SharePoint Server 2016

The NCSC recommends following vendor best practice advice to mitigate vulnerabilities. In this case, Microsoft has released security updates that fully protect organisations using SharePoint Subscription Edition and SharePoint 2019 against the risks posed by CVE-2025-53770 and a related vulnerability, CVE-2025-53771. These updates should be applied immediately to ensure installations are protected.

Organisations using SharePoint 2016 are advised to monitor Microsoft’s website for the upcoming release of a similar security update and apply it as soon as it is available.

In addition to applying the specific security update for your version of SharePoint, Microsoft also recommends the following steps be taken to mitigate potential attacks:

  1. Use supported versions of on-premises SharePoint Server.
  2. Apply the latest wider security updates, including the July 2025 Security Update.
  3. Ensure the Anti-malware Scan Interface (AMSI) is turned on and configured correctly, with an appropriate antivirus solution such as Defender Antivirus.
  4. Deploy Microsoft Defender for Endpoint protection, or equivalent threat solutions.
  5. Rotate SharePoint Server ASP.NET machine keys.

Detailed guidance for each step, as well as for detection, protection and hunting, is provided on Microsoft’s website.
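One way to carry out step 5 across a farm, as an added example that is not part of the NCSC or Microsoft text: it uses the SharePoint cmdlets `Set-SPMachineKey` and `Update-SPMachineKey`, and the `-Apply` switch is a hypothetical parameter of this script. It assumes an elevated SharePoint Management Shell on a farm server and that the security update for your version is already installed.

```powershell
# Added example: rotate ASP.NET machine keys for every web application in the farm.
# Assumptions: elevated SharePoint Management Shell; security update already applied.
param(
    [switch]$Apply   # hypothetical switch for this example: without it, only report
)

$ErrorActionPreference = 'Stop'

$webApps = Get-SPWebApplication

$results = foreach ($wa in $webApps) {
    $status = 'Not rotated (dry run)'
    if ($Apply) {
        try {
            Set-SPMachineKey -WebApplication $wa      # generate a new machine key
            Update-SPMachineKey -WebApplication $wa   # deploy the new key to the farm
            $status = 'Rotated'
        }
        catch {
            # Keep going so one failing web application does not hide the others.
            $status = "FAILED: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{
        WebApplication = $wa.DisplayName
        Url            = $wa.Url
        Status         = $status
    }
}

$results | Format-Table -AutoSize

# Worker processes keep the old keys in memory until IIS restarts, so list every
# SharePoint server that still needs 'iisreset.exe' run on it.
$servers = Get-SPServer | Where-Object { $_.Role -ne 'Invalid' }
Write-Host "Restart IIS on each of these servers to finish the rotation:"
$servers | ForEach-Object { Write-Host "  $($_.Address)" }

# Surface failures to the caller (for example a change-management job).
if ($results | Where-Object { $_.Status -like 'FAILED*' }) {
    exit 1
}
```

Run it once without `-Apply` to confirm the list of web applications and servers, then again with `-Apply` during a maintenance window.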

The NCSC provides a range of free guidance, services and tools that help to secure systems.
