What the vulnerability does
01Description
Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network.
CVE-2025-53772
HIGH
CVE-2025-53772: Web Deploy Remote Code Execution Vulnerability
CVSS base score
8.8/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Key dates
02Disclosure timeline
August 12, 2025
CVE published
February 26, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-3017 Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts <= 3.0.12 - Authenticated (Administrator+) PHP Object Injection
CVE-2026-32502 WordPress Borgholm theme < 1.6 - PHP Object Injection vulnerability
CVE-2026-34615 Adobe Connect | Deserialization of Untrusted Data (CWE-502)
CVE-2024-29136 WordPress Tourfic plugin <= 2.11.17 - PHP Object Injection vulnerability
CVE-2023-30534 Insecure Deserialization in Cacti
