Security Updates for Microsoft SharePoint Server 2016 (July 2025)

Severity: High, Nessus Plugin ID 242480

Synopsis

The Microsoft SharePoint Server 2016 installation on the remote host is affected by multiple vulnerabilities.

Description

The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates. It is, therefore, affected by multiple security vulnerabilities:

- Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. (CVE-2025-53770)

- Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. (CVE-2025-53771)

Solution

Microsoft has released KB5002760 to address these issues. Language Pack KB5002759 is required for installation.

See Also

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771

https://support.microsoft.com/en-us/help/5002759

https://support.microsoft.com/en-us/help/5002760

Plugin Details

Severity: High

ID: 242480

File Name: smb_nt_ms25_jul_office_sharepoint_2016_CVE-2025-53770.nasl

Version: 1.2

Type: local

Agent: windows

Published: 7/21/2025

Updated: 7/22/2025

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:P/A:N

CVSS Score Source: CVE-2025-53771

CVSS v3

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.6

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:sharepoint_server:2016

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/21/2025

Vulnerability Publication Date: 7/20/2025

CISA Known Exploited Vulnerability Due Dates: 7/21/2025

Reference Information

CVE: CVE-2025-53770, CVE-2025-53771

MSFT: MS25-5002760

MSKB: 5002760