Summary of Vulnerability in Microsoft Web Deploy 4.0 (CVE-2025-53772) revels critical security flaw that could be exploited by authenticated attackers to execute code on affected systems. This is the bug disclosed on August 12, 2025, with a CVSS score of 8.8, indicating high severity.

Severity	High
CVSS Score	8.8
CVEs	CVE-2025-53772
POC Available	No
Actively Exploited	No
Exploited in Wild	No
Advisory Version	1.0

Overview 

A vulnerability in Microsoft Web Deploy 4.0 (CVE-2025-53772) allows authenticated attackers to remotely execute arbitrary code on affected systems.

The issue arises from the insecure deserialization of untrusted data. Due to its low privilege requirements and lack of user interaction, this flaw poses a significant threat, especially in enterprise deployment environments. 

Vulnerability Name	CVE ID	Product Affected	Severity	Fixed Version
​ Web Deploy Remote Code Execution via Deserialization	CVE-2025-53772	Microsoft Web Deploy 4.0	High	10.0.2001 or later

Technical Summary 

The vulnerability stems from insecure deserialization of untrusted data (CWE-502), allowing remote attackers to craft malicious HTTP requests that trigger code execution on the web server. This flaw enables remote code execution (RCE) under specific conditions, where the attacker must have authenticated access and network connectivity.

The attack is network-based, requires only low-privilege access and does not rely on user interaction. Successful exploitation can result in a high impact on confidentiality, integrity and availability of the affected system. As of the time of publication, no public exploit has been reported and the exploit maturity is considered unproven. 

CVE ID	CVSS Score	System Affected	Vulnerability Details	Impact
CVE-2025-53772	8.8	Microsoft Web Deploy 4.0	Web Deploy deserializes untrusted input, allowing remote attackers to execute arbitrary code.	Remote Code Execution

Recommendations: 

Here are some recommendations below 

• Apply Microsoft Web Deploy version 10.0.2001 or latest version. 

• Limit access to Web Deploy endpoints to trusted IP ranges or internal networks only. 

• Audit logs for unusual HTTP POST activity to Web Deploy endpoints. 

Conclusion: 
While CVE-2025-53772 has not yet been publicly exploited, the nature of the flaw and the ease of attack (low privileges, no user interaction) significantly increases the risk of widespread exploitation, particularly in enterprise deployment environments.

Organizations using Microsoft Web Deploy 4.0 should update and apply the latest patch without delay.

This vulnerability affects Web Deploy 4.0 and requires low privileges to exploit, making it particularly concerning for organizations that use this deployment tool in their infrastructure. The vulnerability allows an authenticated attacker to exploit the system via low-complexity network-based attacks. 

References: 

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53772 

• https://www.microsoft.com/en-us/download/details.aspx?id=106070 

• https://cybersecuritynews.com/microsoft-iis-web-deploy-vulnerability/