Platform: sharepoint
Component: microsoft-sharepoint-enterprise-server
Fixed in: 16.0.5513.1002, 16.0.10417.20041, 16.0.18526.20518
CVE-2025-53760 describes a server-side request forgery (SSRF) vulnerability in Microsoft SharePoint Enterprise Server. The flaw allows an authenticated attacker to elevate privileges and gain unauthorized access to network resources. The vulnerability impacts versions 16.0.0 through 16.0.18526.20518, and a fix is available in version 16.0.18526.20518.
The SSRF vulnerability allows an attacker with authenticated access to craft requests that appear to originate from the SharePoint server itself. Because the server is typically trusted by its surroundings, such requests can reach internal resources that are otherwise protected, such as databases, APIs, or other internal services. Successful exploitation could lead to data exfiltration, privilege escalation, and potentially complete compromise of the affected SharePoint environment, with SharePoint used as a pivot point against other systems on the network, expanding the blast radius beyond the SharePoint server itself. Although exploitation requires authentication, the potential for privilege escalation makes this a significant security risk.
CVE-2025-53760 was publicly disclosed on 2025-08-12. The CVSS score of 7.1 (HIGH) indicates a significant risk. No public proof-of-concept exploits are currently available, but the SSRF nature of the vulnerability makes it likely that exploits will emerge. It is not currently listed in the CISA KEV catalog, but its potential for privilege escalation warrants close monitoring. Organizations should prioritize patching to prevent exploitation.
EPSS: 0.29% (52nd percentile)
The primary mitigation for CVE-2025-53760 is to upgrade Microsoft SharePoint Enterprise Server to version 16.0.18526.20518 or later. If immediate upgrading is not possible, implement network segmentation to restrict the SharePoint server's outbound access to internal resources, since an SSRF is only as damaging as the network the server can reach. Apply strict input validation and output encoding within SharePoint applications to reject malformed requests. Review and strengthen authentication mechanisms to limit an attacker's ability to obtain the authenticated access the flaw requires. Monitor SharePoint and web server logs for suspicious activity, particularly server-originated requests to unusual or internal endpoints. Consider deploying a Web Application Firewall (WAF) with SSRF protection rules to block malicious requests.
Apply the security updates provided by Microsoft for SharePoint Enterprise Server 2016. See the Microsoft security bulletin for CVE-2025-53760 for details and specific update instructions, and ensure you apply the update corresponding to your SharePoint version.
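Because the advisory lists three separate fixed builds, a fleet check has to compare each installed build against the fixed build of its own servicing branch rather than against a single number. The following is an added example, not part of this advisory or of any Microsoft tooling; it assumes (my assumption, not stated on the page) that the third build component identifies the branch: below 10000 is the SharePoint 2016 branch, 10000 to 13999 is the SharePoint 2019 branch, and 14000 or above is the Subscription Edition branch. The fixed builds themselves are the three from the advisory, and the inventory lines are constructed sample data.

```python
from typing import Dict, Iterable, Tuple

Build = Tuple[int, int, int, int]

# Fixed builds for CVE-2025-53760, as listed in the advisory, keyed by branch.
FIXED_BUILDS: Dict[str, Build] = {
    "2016": (16, 0, 5513, 1002),
    "2019": (16, 0, 10417, 20041),
    "SE": (16, 0, 18526, 20518),
}


def parse_build(text: str) -> Build:
    """Parse a dotted SharePoint build string such as '16.0.5513.1001'."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4 or parts[0] != 16:
        raise ValueError(f"not a SharePoint 16.x build: {text!r}")
    return parts  # type: ignore[return-value]


def branch_of(build: Build) -> str:
    """Map a build to its servicing branch (assumed thresholds, see lead-in)."""
    third = build[2]
    if third < 10000:
        return "2016"
    if third < 14000:
        return "2019"
    return "SE"


def is_affected(text: str) -> bool:
    """True when the build is older than the fixed build of its own branch."""
    build = parse_build(text)
    # Tuple comparison is lexicographic, which matches dotted-version ordering.
    return build < FIXED_BUILDS[branch_of(build)]


def assess_inventory(lines: Iterable[str]) -> Dict[str, str]:
    """Classify constructed 'hostname,build' inventory lines as
    'affected', 'fixed', or 'unparseable' so the result can be triaged."""
    result: Dict[str, str] = {}
    for line in lines:
        host, _, build_text = line.partition(",")
        try:
            result[host.strip()] = "affected" if is_affected(build_text) else "fixed"
        except ValueError:
            result[host.strip()] = "unparseable"
    return result


# Constructed sample inventory (hostnames and builds are made up for the demo).
SAMPLE_INVENTORY = [
    "sp16-app01,16.0.5513.1001",   # 2016 branch, one below the fixed build
    "sp19-app01,16.0.10417.20041", # 2019 branch, exactly the fixed build
    "spse-app01,16.0.17000.20000", # SE branch, older than the fixed build
    "spse-app02,16.0.18526.20600", # SE branch, newer than the fixed build
    "legacy-01,15.0.4569.1000",    # SharePoint 2013 line, not a 16.x build
]
```

Run `assess_inventory(SAMPLE_INVENTORY)` to get a per-host verdict; the "unparseable" status deliberately flags hosts that are not 16.x so they are reviewed rather than silently treated as fixed.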
CVE-2025-53760 is a server-side request forgery vulnerability in Microsoft SharePoint Enterprise Server allowing authenticated attackers to elevate privileges over a network.
If you are running Microsoft SharePoint Enterprise Server versions 16.0.0 through 16.0.18526.20518, you are potentially affected by this vulnerability.
Upgrade to Microsoft SharePoint Enterprise Server version 16.0.18526.20518 or later to remediate the vulnerability.
While no public exploits are currently available, the SSRF nature of the vulnerability suggests potential for exploitation, and organizations should prioritize patching.
Refer to the official Microsoft Security Update Guide for details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53760