Microsoft IIS Web Deploy Flaw Allows Remote Code Execution


A high-severity vulnerability has been identified in Microsoft’s Web Deploy tool that could allow authenticated attackers to perform remote code execution (RCE) on vulnerable systems.

The flaw, tracked as CVE-2025-53772, was revealed on August 12, 2025, and has been assigned a CVSS score of 8.8, making it a significant security concern.

Technical Details

The issue arises from the deserialization of untrusted data in Web Deploy, which falls under CWE-502 (Deserialization of Untrusted Data). Attackers with low privileges can exploit this weakness through specially crafted HTTP requests sent to a server running Web Deploy services.

Once exploited, this vulnerability could compromise confidentiality, integrity, and availability, enabling malicious actors to run arbitrary code without requiring user interaction.

Key Points
1. CVE-2025-53772 affects Web Deploy 4.0 and allows remote code execution.
2. Exploitation requires only low privileges with no user interaction.
3. Immediate patching is recommended to avoid system compromise.

Risk Overview

| Risk Factors | Details |
|---|---|
| Affected Product | Microsoft Web Deploy 4.0 |
| Impact | Remote Code Execution |
| Requirements | Network access, low privileges, no user interaction, authenticated access |
| CVSS 3.1 Score | 8.8 (High) |

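The CVSS vector string (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C) describes a network-reachable, low-complexity attack that needs only low privileges and no user interaction, and whose successful exploitation has a high impact on the confidentiality, integrity, and availability of targeted environments.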

Although Microsoft has rated the likelihood of exploitation as “Less Likely”, security experts stress that the vulnerability remains critical due to the possibility of full system compromise.


Research and Disclosure

The flaw was discovered by Batuhan Er, a researcher from HawkTrace, who reported it responsibly through Microsoft’s Coordinated Vulnerability Disclosure (CVD) program.


Microsoft Response and Patch

Microsoft has issued security update version 10.0.2001 for Web Deploy 4.0, which addresses the deserialization flaw and blocks RCE attempts.

The Microsoft Security Response Center (MSRC) recommends that organizations apply the update without delay. MSRC also continues to monitor for any exploitation activity and has provided guidance in its official Security Update Guide.