KB-2344 Information about the Microsoft SharePoint Server Vulnerability (CVE-2025-53770 and CVE-2025-53771)

On 19-Jul-2025, Microsoft announced active exploitation of two vulnerabilities against its on-premise Microsoft SharePoint Server software. 

Appian does not use on-premise Microsoft SharePoint software and is not impacted by any related CVEs. We will continue to monitor the situation and provide any updates as appropriate.

Additional Notes:

The following CVEs were released with additional information on the scope of the vulnerability:

• CVE-2025-53770 - (“Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network.”)
• CVE-2025-53771 - (“Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.”)

Supporting Documentation:

• https://nvd.nist.gov/vuln/detail/CVE-2025-53770
• https://nvd.nist.gov/vuln/detail/CVE-2025-53771
• https://unit42.paloaltonetworks.com/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770/
  
  

Affected Versions

This article applies to all supported versions of Appian.

Last reviewed: July 22, 2025