A critical vulnerability in the Microsoft Web Deploy tool could allow authenticated attackers to execute code remotely on affected systems.
The vulnerability, tracked as CVE-2025-53772, was disclosed on August 12, 2025, and carries a CVSS score of 8.8, indicating high severity.
The flaw stems from the deserialization of untrusted data in Web Deploy, classified under the CWE-502 weakness category.
Key Takeaways
1. CVE-2025-53772 in Web Deploy 4.0 allows remote code execution.
2. Requires only low privileges and no user interaction.
3. Install security updates immediately to prevent potential system compromise.
This vulnerability affects Web Deploy 4.0 and requires low privileges to exploit, making it particularly concerning for organizations using this deployment tool in their infrastructure.
The Microsoft Security Response Center (MSRC) has confirmed that while the vulnerability has not been publicly exploited, it poses significant risks to system confidentiality, integrity, and availability.
Microsoft Web Deploy Vulnerability
The vulnerability allows an authenticated attacker to exploit the system through network-based attacks with low complexity.
Attackers can leverage this flaw by sending malicious HTTP requests to the web server hosting Web Deploy services.
The attack requires low privileges and no user interaction, making it relatively easy to exploit once an attacker gains initial access to the system.
The CVSS vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C indicates that successful exploitation could result in high impact to confidentiality, integrity, and availability of the targeted system.
Microsoft’s exploitability assessment rates this vulnerability as “Exploitation Less Likely,” though security experts recommend immediate patching due to the potential for remote code execution.
The security researcher Batuhan Er from HawkTrace discovered and responsibly disclosed this vulnerability to Microsoft through coordinated vulnerability disclosure.
| Risk Factors | Details |
| --- | --- |
| Affected Products | Web Deploy 4.0 |
| Impact | Remote Code Execution |
| Exploit Prerequisites | Network access; low privileges required; no user interaction needed; authenticated access to web server |
| CVSS 3.1 Score | 8.8 (High) |
Microsoft has released security update version 10.0.2001 for Web Deploy 4.0, which addresses the deserialization flaw and prevents remote code execution attacks.
Organizations using Microsoft Web Deploy should immediately apply the available security update through Microsoft’s download center.
The Microsoft Security Response Center continues to monitor for potential exploitation attempts and has provided comprehensive guidance through its Security Update Guide to help administrators assess and mitigate risks in their environments.