A critical vulnerability in Microsoft's Web Deploy tool could allow authenticated attackers to execute remote code on affected systems.
The vulnerability, tracked as CVE-2025-53772, was disclosed on August 12, 2025, and carries a CVSS score of 8.8, indicating high severity.
The flaw stems from the deserialization of untrusted data in Web Deploy, categorized under the CWE-502 weakness class.
Key Takeaways
1. CVE-2025-53772 in Web Deploy 4.0 allows remote code execution.
2. Requires only low privileges and no user interaction.
3. Install security updates immediately to prevent potential system compromise.
This vulnerability affects Web Deploy 4.0 and requires low privileges to exploit, making it particularly concerning for organizations using this deployment tool in their infrastructure.
The Microsoft Security Response Center (MSRC) has confirmed that while the vulnerability has not been publicly exploited, it poses significant risks to system confidentiality, integrity, and availability.
Microsoft Web Deploy Vulnerability
The vulnerability allows an authenticated attacker to exploit the system through network-based attacks with low complexity.
Attackers can leverage this flaw by sending malicious HTTP requests to the web server hosting Web Deploy services.
The attack requires low privileges and no user interaction, making it relatively easy to exploit once an attacker gains initial access to the system.
The CVSS vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C indicates that successful exploitation could result in high impact to confidentiality, integrity, and availability of the targeted system.
Microsoft’s exploitability assessment rates this vulnerability as “Exploitation Less Likely,” though security experts recommend immediate patching because of the potential for remote code execution.
The security researcher Batuhan Er from HawkTrace discovered and responsibly disclosed this vulnerability to Microsoft through coordinated vulnerability disclosure.
| Risk Factors | Details |
| --- | --- |
| Affected Products | Web Deploy 4.0 |
| Impact | Remote Code Execution |
| Exploit Conditions | Network access; low privileges required; no user interaction needed; authenticated access to web server |
| CVSS 3.1 Score | 8.8 (High) |
Microsoft has released security update version 10.0.2001 for Web Deploy 4.0, which addresses the deserialization flaw and prevents remote code execution attacks.
Organizations using Microsoft Web Deploy should immediately apply the available security update through Microsoft’s download center.
The Microsoft Security Response Center continues to monitor for potential exploitation attempts and has provided comprehensive guidance through its Security Update Guide to help administrators assess and mitigate risks in their environments.