Serial number: AV25-433
Date: July 21, 2025
Updated: July 22, 2025
On July 19, 2025, Microsoft published a security advisory to address vulnerabilities in multiple products. Included were critical updates for the following products:
- Microsoft SharePoint Server Subscription Edition – versions prior to KB5002768
- Microsoft SharePoint Server 2016 – versions prior to KB5002760
- Microsoft SharePoint Server 2019 – versions prior to KB5002754
Microsoft states that for SharePoint 2016 and 2019 "Both the server and language pack updates should be installed".
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.
- Customer guidance for SharePoint vulnerability CVE-2025-53770
- Disrupting active exploitation of on-premises SharePoint vulnerabilities
- Microsoft SharePoint Server Remote Code Execution Vulnerability - CVE-2025-53770
- Microsoft SharePoint Server Spoofing Vulnerability - CVE-2025-53771
- Security Update for Microsoft SharePoint Server Subscription Edition (KB5002768)
- Security Update for Microsoft SharePoint Enterprise Server 2016 (KB5002760)
- Security Update for Microsoft SharePoint Enterprise Server 2016 Language Pack (KB5002759)
- Security Update for Microsoft SharePoint Server 2019 Core (KB5002754)
- Security Update for Microsoft SharePoint Server 2019 Language Pack (KB5002753)