一、 漏洞 CVE-2025-53770 基础信息
漏洞信息
# Microsoft SharePoint 远程代码执行漏洞
## 概述
CVE-2025-53770 是一个存在于 Microsoft SharePoint Server on-premises 版本中的漏洞,攻击者可通过反序列化非受信数据,未经授权实现远程代码执行。
## 影响版本
受影响的为本地部署的 Microsoft SharePoint Server(具体版本尚未列出,需参考微软安全公告)。
## 细节
漏洞源于 SharePoint Server 在处理反序列化操作时未正确验证用户输入,导致攻击者可能通过网络发送特制数据以触发该问题,进而执行任意代码。
## 影响
攻击者可借此漏洞远程执行代码,可能导致系统被完全控制。微软确认该漏洞已有在野利用的 exploit 存在。
> ⚠️ **当前措施建议**:微软尚在开发完整补丁,用户应立即参照 CVE 文档中的建议应用相关的缓解措施。
神龙判断
是否为 Web 类漏洞: 是
判断理由:
是。这个漏洞涉及在本地部署的Microsoft SharePoint Server中对不受信任的数据进行反序列化,允许未授权的攻击者通过网络执行代码。这显然是服务器端的一个漏洞,因为它涉及到服务器上运行的服务被攻击者利用来执行恶意代码。
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
Microsoft SharePoint Server Remote Code Execution Vulnerability
来源:美国国家漏洞数据库 NVD
漏洞描述信息
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
来源:美国国家漏洞数据库 NVD
漏洞类别
可信数据的反序列化
来源:美国国家漏洞数据库 NVD
漏洞标题
Microsoft SharePoint Server 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Microsoft SharePoint Server是美国微软(Microsoft)公司的一款协作平台。 Microsoft SharePoint Server存在安全漏洞,该漏洞源于反序列化不受信任数据,可能导致远程代码执行。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2025-53770 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-53770.yaml | POC详情 |
| 2 | Detects a persistent webshell named 'spinstall0.aspx' deployed on Microsoft SharePoint servers. This file exposes sensitive cryptographic machineKey values from the SharePoint configuration, indicating the presence of a ToolShell backdoor implant. This implant is linked to targeted post-auth RCE campaigns exploiting CVE-2025-53770. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/backdoor/sharepoint-toolshell-backdoor.yaml | POC详情 |
| 3 | CVE-2025-53770 | https://github.com/B1ack4sh/Blackash-CVE-2025-53770 | POC详情 |
| 4 | A critical zero-day vulnerability CVE‑2025‑53770 has been actively exploited in the wild against on-premises Microsoft SharePoint Server. Dubbed "ToolShell," this exploit leverages a deserialization flaw (variant of CVE‑2025‑49706, CVSS: 6.3). | https://github.com/RukshanaAlikhan/CVE-2025-53770 | POC详情 |
| 5 | None | https://github.com/Bluefire-Redteam-Cybersecurity/bluefire-sharepoint-cve-2025-53770 | POC详情 |
| 6 | This PowerShell script detects indicators of compromise for CVE-2025-53770 — a critical RCE vulnerability in Microsoft SharePoint. Created by @n1chr0x and @BlackRazer67 | https://github.com/n1chr0x/ZeroPoint | POC详情 |
| 7 | POC | https://github.com/kaizensecurity/CVE-2025-53770 | POC详情 |
| 8 | A comprehensive security monitoring solution for SharePoint Server with specific protection against CVE-2025-53770 and other threats | https://github.com/paolokappa/SharePointSecurityMonitor | POC详情 |
| 9 | SharePoint WebPart Injection Exploit Tool | https://github.com/soltanali0/CVE-2025-53770-Exploit | POC详情 |
| 10 | Scanner for the SharePoint CVE-2025-53770 RCE zero day vulnerability. | https://github.com/hazcod/CVE-2025-53770 | POC详情 |
| 11 | ToolShell scanner - CVE-2025-53770 and detection information | https://github.com/ZephrFish/CVE-2025-53770-Scanner | POC详情 |
| 12 | Hunting for Critical SharePoint Vulnerability CVE-2025-53770 | https://github.com/siag-itsec/CVE-2025-53770-Hunting | POC详情 |
| 13 | Comprueba si un servidor SharePoint on-premises es vulnerable a CVE-2025-53770 | https://github.com/grupooruss/CVE-2025-53770-Checker | POC详情 |
| 14 | None | https://github.com/tripoloski1337/CVE-2025-53770-scanner | POC详情 |
| 15 | A critical zero-auth RCE vulnerability in SharePoint (CVE-2025-53770), now exploited in the wild, building directly on the spoofing flaw CVE-2025-49706. | https://github.com/AdityaBhatt3010/CVE-2025-53770-SharePoint-Zero-Day-Variant-Exploited-for-Full-RCE | POC详情 |
| 16 | CVE-2025-53770 – Vulnerability Research & Exploitation | https://github.com/b33b0y/CVE-2025-53770 | POC详情 |
| 17 | None | https://github.com/GreenForceNetwork/Toolshell_CVE-2025-53770 | POC详情 |
| 18 | None | https://github.com/imbas007/CVE-2025-53770-Vulnerable-Scanner | POC详情 |
| 19 | A Python-based reconnaissance scanner for safely identifying potential exposure to SharePoint vulnerability CVE-2025-53770. | https://github.com/Sec-Dan/CVE-2025-53770-Scanner | POC详情 |
| 20 | Unauthenticated Remote Code Execution via unsafe deserialization in Microsoft SharePoint Server (CVE-2025-53770) | https://github.com/MuhammadWaseem29/CVE-2025-53770 | POC详情 |
| 21 | Exploit tool for SharePoint WebPart Injection via ToolPane.aspx, enabling .NET deserialization and remote code execution. 🛠️🔍 Secure your SharePoint now! | https://github.com/bijikutu/CVE-2025-53770-Exploit | POC详情 |
| 22 | Explore the Microsoft SharePoint CVE-2025-53770 proof of concept. Learn about this vulnerability and its implications. 🐙💻 | https://github.com/Lapesha/CVE-2025-53770 | POC详情 |
| 23 | Scanner for CVE-2025-53770, a SharePoint vulnerability. Check if your server is vulnerable and extract version info. 🛠️🔍 | https://github.com/Hassanopop/CVE-2025-53770 | POC详情 |
| 24 | Identify exposure to the critical SharePoint vulnerability CVE-2025-53770 with this effective scanner tool. Secure your systems today! 🛡️🔍 | https://github.com/m4r1x/CVE-2025-53770-Scanner | POC详情 |
| 25 | Exploit & research for CVE‑2025‑53770 – a zero‑day remote code execution vulnerability in Microsoft SharePoint (on‑premises). | https://github.com/Kamal-Hegazi/CVE-2025-53770-SharePoint-RCE | POC详情 |
| 26 | A sophisticated, wizard-driven Python exploit tool targeting CVE-2025-53770, a critical (CVSS 9.8) unauthenticated remote code execution (RCE) vulnerability in on-premises Microsoft SharePoint Server (2016, 2019, Subscription Edition) | https://github.com/exfil0/CVE-2025-53770 | POC详情 |
| 27 | Scans Windows IIS logs for signs of CVE-2025-53770 & CVE-2025-53771 | https://github.com/zach115th/ToolShellFinder | POC详情 |
| 28 | Detection rules for CVE-2025-53770 | https://github.com/nisargsuthar/suricata-rule-CVE-2025-53770 | POC详情 |
| 29 | None | https://github.com/bharath-cyber-root/sharepoint-toolshell-cve-2025-53770 | POC详情 |
| 30 | Do you really think SharePoint is safe? | https://github.com/Rabbitbong/OurSharePoint-CVE-2025-53770 | POC详情 |
| 31 | None | https://github.com/Udyz/CVE-2025-53770-Exploit | POC详情 |
| 32 | Honeypot for CVE-2025-53770 aka ToolShell | https://github.com/a-hydrae/ToolShell-Honeypot | POC详情 |
| 33 | Unauthenticated Remote Code Execution via unsafe deserialization in Microsoft SharePoint Server (CVE-2025-53770) | https://github.com/0xray5c68616e37/cve-2025-53770 | POC详情 |
| 34 | None | https://github.com/BirdsAreFlyingCameras/CVE-2025-53770_Raw-HTTP-Request-Generator | POC详情 |
| 35 | An activity to train analysis skills and reporting | https://github.com/bossnick98/-SOC342---CVE-2025-53770-SharePoint-ToolShell-Auth-Bypass-and-RCE | POC详情 |
| 36 | CVE-2025-53770 Mass Scanner | https://github.com/3a7/CVE-2025-53770 | POC详情 |
| 37 | None | https://github.com/r3xbugbounty/CVE-2025-53770 | POC详情 |
| 38 | None | https://github.com/daryllundy/CVE-2025-53770 | POC详情 |
| 39 | 🎯 Vulnerability scanner for SharePoint servers affected by CVE-2025-53770. Detects unsafe deserialization using ToolPane.aspx with a crafted base64+gzip payload. 🛡️ Developed by Ahmed Tamer. | https://github.com/0x-crypt/CVE-2025-53770-Scanner | POC详情 |
| 40 | None | https://github.com/Immersive-Labs-Sec/SharePoint-CVE-2025-53770-POC | POC详情 |
| 41 | A critical vulnerability in Microsoft SharePoint Server allows unauthenticated remote code execution via deserialization of untrusted data. Microsoft is aware of active exploitation; apply CVE mitigations immediately. Severity: Critical. | https://github.com/harryhaxor/CVE-2025-53770-SharePoint-Deserialization-RCE-PoC | POC详情 |
| 42 | None | https://github.com/SDX442/CVE-2025-53770 | POC详情 |
| 43 | None | https://github.com/Agampreet-Singh/CVE-2025-53770 | POC详情 |
| 44 | None | https://github.com/GreenForceNetworks/Toolshell_CVE-2025-53770 | POC详情 |
| 45 | None | https://github.com/CyprianAtsyor/ToolShell-CVE-2025-53770-SharePoint-Exploit-Lab-LetsDefend | POC详情 |
| 46 | CVE-2025-53770 - SharePoint | https://github.com/ghostn4444/CVE-2025-53770 | POC详情 |
| 47 | None | https://github.com/saladin0x1/CVE-2025-53770 | POC详情 |
| 48 | CVE-2025-53770 实验环境 | https://github.com/go-bi/sharepoint-CVE-2025-53770 | POC详情 |
| 49 | 🔍 Explore Microsoft SharePoint CVE-2025-53770 with this proof of concept for educational use, emphasizing security insights in authorized environments. | https://github.com/taqiaferdianshah/CVE-2025-53770 | POC详情 |
| 50 | 🛠️ Exploit Microsoft SharePoint WebPart Injection vulnerabilities for .NET deserialization and remote code execution using ToolPane.aspx. | https://github.com/yashz0007/CVE-2025-53770-Exploit | POC详情 |
| 51 | None | https://github.com/fentnttntnt/CVE-2025-53770 | POC详情 |
| 52 | 🔍 Scan for potential exposure to the critical SharePoint vulnerability CVE-2025-53770 with this simple and effective tool for authorized testing. | https://github.com/ziisenpai/CVE-2025-53770-Scanner | POC详情 |
| 53 | None | https://github.com/Michaael01/LetsDefend--SOC-342-CVE-2025-53770-SharePoint-Exploit-ToolShell | POC详情 |
| 54 | Exploit & research for CVE‑2025‑53770 – a zero‑day remote code execution vulnerability in Microsoft SharePoint (on‑premises). | https://github.com/0xh3g4z1/CVE-2025-53770-SharePoint-RCE | POC详情 |
| 55 | None | https://github.com/victormbogu1/LetsDefend-SOC342-CVE-2025-53770-SharePoint-ToolShell-Auth-Bypass-andRCE-EventID-320 | POC详情 |
| 56 | Honeypot for CVE-2025-53770 aka ToolShell | https://github.com/bitsalv/ToolShell-Honeypot | POC详情 |
| 57 | Reproducible incident micro-postmortem for on-prem Microsoft SharePoint “ToolShell” (CVE-2025-53770): ATT&CK snapshot, “logs that matter” table, three hunts (KQL/SPL/Sigma), first-4-hours comms, sample data, and figures. Built for fast triage; no org data; SharePoint Online out of scope. | https://github.com/Cameloo1/sharepoint-toolshell-micro-postmortem | POC详情 |
| 58 | CVE-2025-53770 | https://github.com/Ashwesker/Blackash-CVE-2025-53770 | POC详情 |
| 59 | CVE-2025-53770 | https://github.com/Ashwesker/Ashwesker-CVE-2025-53770 | POC详情 |
| 60 | None | https://github.com/anwakub/CVE-2025-53770 | POC详情 |
三、漏洞 CVE-2025-53770 的情报信息
标题: CVE-2025-53770 - Security Update Guide - Microsoft - Microsoft SharePoint Server Remote Code Execution Vulnerability -- 🔗来源链接
标签:vendor-advisory
神龙速读:### 关键信息 - **漏洞名称**: Microsoft SharePoint Server Remote Code Execution Vulnerability - **CVE编号**: CVE-2025-53770 - **发布日期**: 2025年7月19日 - **最后更新日期**: 2025年7月21日 - **分配的CNA**: Microsoft - **影响**: 远程代码执行 - **最大严重性**: 严重 - **弱点**: CWE-502: 反序列化不受信任的数据 - **CVSS源**: Microsoft - **向量字符串**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:W/RC:C - **度量值**: CVSS:3.1 9.8 / 9.3 #### 基本分数指标 (8) - 攻击向量: 网络 - 攻击复杂性: 低 - 所需权限: 无 - 用户交互: 无 - 范围: 不变 - 机密性: 高 - 完整性: 高 - 可用性: 高 #### 时间分数指标 (3) - 利用代码成熟度: 功能性
- https://nvd.nist.gov/vuln/detail/CVE-2025-53770
四、漏洞 CVE-2025-53770 的评论
暂无评论