Microsoft IIS Web Deploy RCE Vulnerability Allows Authenticated Remote Code Execution
Summary of Vulnerability in Microsoft Web Deploy 4.0 (CVE-2025-53772) revels critical security flaw that could be exploited by authenticated attackers to execute code on affected systems. This is the bug disclosed on August 12, 2025, with a CVSS score of 8.8, indicating high severity.
| Severity | High |
| CVSS Score | 8.8 |
| CVEs | CVE-2025-53772 |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
A vulnerability in Microsoft Web Deploy 4.0 (CVE-2025-53772) allows authenticated attackers to remotely execute arbitrary code on affected systems.
The issue arises from the insecure deserialization of untrusted data. Due to its low privilege requirements and lack of user interaction, this flaw poses a significant threat, especially in enterprise deployment environments.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Web Deploy Remote Code Execution via Deserialization | CVE-2025-53772 | Microsoft Web Deploy 4.0 | High | 10.0.2001 or later |
Technical Summary
The vulnerability stems from insecure deserialization of untrusted data (CWE-502), allowing remote attackers to craft malicious HTTP requests that trigger code execution on the web server. This flaw enables remote code execution (RCE) under specific conditions, where the attacker must have authenticated access and network connectivity.
The attack is network-based, requires only low-privilege access and does not rely on user interaction. Successful exploitation can result in a high impact on confidentiality, integrity and availability of the affected system. As of the time of publication, no public exploit has been reported and the exploit maturity is considered unproven.
| CVE ID | CVSS Score | System Affected | Vulnerability Details | Impact |
| CVE-2025-53772 | 8.8 | Microsoft Web Deploy 4.0 | Web Deploy deserializes untrusted input, allowing remote attackers to execute arbitrary code. | Remote Code Execution |
Recommendations:
Here are some recommendations below
- Apply Microsoft Web Deploy version 10.0.2001 or latest version.
- Limit access to Web Deploy endpoints to trusted IP ranges or internal networks only.
- Audit logs for unusual HTTP POST activity to Web Deploy endpoints.
Conclusion:
While CVE-2025-53772 has not yet been publicly exploited, the nature of the flaw and the ease of attack (low privileges, no user interaction) significantly increases the risk of widespread exploitation, particularly in enterprise deployment environments.
Organizations using Microsoft Web Deploy 4.0 should update and apply the latest patch without delay.
This vulnerability affects Web Deploy 4.0 and requires low privileges to exploit, making it particularly concerning for organizations that use this deployment tool in their infrastructure. The vulnerability allows an authenticated attacker to exploit the system via low-complexity network-based attacks.
References:
Recent Comments