Plataforma
sharepoint
Componente
microsoft-sharepoint-enterprise-server
Corregido en
16.0.5513.1002
16.0.10417.20041
16.0.18526.20518
CVE-2025-53760 describes a server-side request forgery (SSRF) vulnerability within Microsoft SharePoint Enterprise Server. This flaw allows an authenticated attacker to potentially elevate their privileges and gain unauthorized access to network resources. The vulnerability impacts versions 16.0.0 through 16.0.18526.20518, and a fix is available in version 16.0.18526.20518.
The SSRF vulnerability in SharePoint Enterprise Server allows an attacker who has authenticated access to the system to craft malicious requests that appear to originate from the SharePoint server itself. This can be exploited to access internal resources that are otherwise protected, such as databases, APIs, or other internal services. Successful exploitation could lead to data exfiltration, privilege escalation, and potentially complete compromise of the affected SharePoint environment. The attacker could potentially use SharePoint as a springboard to launch attacks against other systems on the network, expanding the blast radius beyond just the SharePoint server itself. While the vulnerability requires authentication, the potential for privilege escalation makes it a significant security risk.
CVE-2025-53760 was publicly disclosed on 2025-08-12. The CVSS score of 7.1 (HIGH) indicates a significant risk. Currently, there are no publicly available proof-of-concept exploits, but the SSRF nature of the vulnerability makes it likely that exploits will emerge. It is not currently listed on the CISA KEV catalog, but its potential for privilege escalation warrants close monitoring. Organizations should prioritize patching to prevent exploitation.
Organizations heavily reliant on Microsoft SharePoint Enterprise Server for document management, collaboration, and internal applications are at significant risk. Environments with weak authentication controls or inadequate network segmentation are particularly vulnerable. Shared hosting environments where multiple tenants share the same SharePoint instance should also be carefully assessed.
• sharepoint: Examine SharePoint logs for unusual outbound requests, particularly those targeting internal IP addresses or services. Use PowerShell to check for suspicious scheduled tasks or web parts.
Get-SPOSite -Limit 1000 | Select-Object URL, Title• generic web: Monitor access logs for requests to internal resources that should not be accessible from the outside. Check response headers for signs of SSRF exploitation.
curl -I <sharepoint_url> | grep -i 'X-SharePoint-Environment'disclosure
Estado del Exploit
EPSS
0.29% (52% percentil)
CISA SSVC
Vector CVSS
The primary mitigation for CVE-2025-53760 is to upgrade Microsoft SharePoint Enterprise Server to version 16.0.18526.20518 or later. If immediate upgrading is not possible, consider implementing network segmentation to restrict SharePoint's access to internal resources. Implement strict input validation and output encoding within SharePoint applications to prevent malicious requests. Review and strengthen authentication mechanisms to limit the potential for attackers to gain initial access. Monitor SharePoint logs for suspicious activity, particularly requests to unusual or internal endpoints. Consider deploying a Web Application Firewall (WAF) with SSRF protection rules to block malicious requests.
Aplicar las actualizaciones de seguridad proporcionadas por Microsoft para SharePoint Enterprise Server 2016. Consulte el boletín de seguridad de Microsoft CVE-2025-53760 para obtener más detalles e instrucciones específicas sobre la actualización. Asegúrese de aplicar la actualización correspondiente a su versión de SharePoint.
Análisis de vulnerabilidades y alertas críticas directamente en tu correo.
CVE-2025-53760 is a server-side request forgery vulnerability in Microsoft SharePoint Enterprise Server allowing authenticated attackers to elevate privileges over a network.
If you are running Microsoft SharePoint Enterprise Server versions 16.0.0–16.0.18526.20518, you are potentially affected by this vulnerability.
Upgrade to Microsoft SharePoint Enterprise Server version 16.0.18526.20518 or later to remediate the vulnerability.
While no public exploits are currently available, the SSRF nature of the vulnerability suggests potential for exploitation, and organizations should prioritize patching.
Refer to the official Microsoft Security Update Guide for details: [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53760]
Sube tu archivo de dependencias y detecta esta y otras CVEs al instante.