A critical vulnerability (CVE-2025-53772) in Microsoft Web Deploy 4.0 allows authenticated attackers to execute remote code by exploiting unsafe deserialization of untrusted data. Requiring only low privileges and no user interaction, the flaw poses serious risk to system confidentiality, integrity, and availability. Microsoft has released a patch (version 10.0.2001) and urges all users to apply it immediately.