Cyber Resilience

CVE-2025-53772

HighRCE

Published: 12 August 2025

Published
12 August 2025
Modified
15 August 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.1571 94.9th percentile
Risk Priority 27 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-53772 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Microsoft Web Deploy 4.0. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 5.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-53772 is a deserialization of untrusted data vulnerability, tracked under CWE-502, that affects Microsoft Web Deploy. The flaw carries a CVSS 3.1 base score of 8.8 and permits remote code execution when an attacker supplies crafted serialized data to the affected component.

An authorized user with network access can exploit the issue without user interaction or special conditions. Successful exploitation grants the attacker full confidentiality, integrity, and availability impact, allowing arbitrary code execution on the target system.

The official Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53772 provides mitigation guidance and patch information. The associated EPSS score has remained flat at 0.1571 with no material increase since disclosure.

EU & UK References

Vulnerability details

Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Deserialization vulnerability in network-accessible Web Deploy service directly enables unauthenticated or low-priv RCE over the network, mapping to exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-59287Same vendor: Microsoft
CVE-2026-26114Same vendor: Microsoft
CVE-2026-21531Same vendor: Microsoft
CVE-2026-41104Same vendor: Microsoft
CVE-2025-59237Same vendor: Microsoft
CVE-2025-54897Same vendor: Microsoft
CVE-2026-20963Same vendor: Microsoft
CVE-2026-35439Same vendor: Microsoft
CVE-2026-40357Same vendor: Microsoft
CVE-2025-55232Same vendor: Microsoft

Affected Assets

microsoft
web deploy 4.0
≤ 10.0.2001

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the deserialization vulnerability by requiring timely identification, reporting, and application of vendor patches as provided in the MSRC advisory.

prevent

Requires validation of untrusted network inputs to Web Deploy to prevent exploitation of unsafe deserialization leading to remote code execution.

prevent

Implements memory protections such as DEP and ASLR to mitigate remote code execution resulting from successful deserialization attacks.

References