Microsoft IIS Web Deploy Vulnerability Allows Remote Code Execution
gbhackers
Microsoft has disclosed a critical security vulnerability in its Internet Information Services (IIS) Web Deploy tool that could allow attackers to execute arbitrary code remotely on affected systems.
The vulnerability, designated as CVE-2025-53772, was announced on August 12, 2025, and carries an “Important” severity rating with a CVSS score of 8.8 out of 10.
| Vulnerability Details | Information |
| --- | --- |
| CVE ID | CVE-2025-53772 |
| Release Date | August 12, 2025 |
| Assigning CNA | Microsoft |
| Impact | Remote Code Execution |
| Max Severity | Important |
| Weakness Type | CWE-502: Deserialization of Untrusted Data |
| CVSS Score | 8.8 / 7.7 |
The vulnerability stems from improper deserialization of untrusted data within the Web Deploy framework, a Microsoft tool commonly used for deploying web applications and content to IIS web servers.
This flaw allows authenticated attackers with low-level privileges to potentially gain complete control over vulnerable systems by exploiting the deserialization process.
The attack vector is particularly concerning as it can be executed ...
Copyright of this story solely belongs to gbhackers.