一、 漏洞 CVE-2025-53770 基础信息
漏洞信息
                                        # Microsoft SharePoint 远程代码执行漏洞

## 概述

CVE-2025-53770 是一个存在于 Microsoft SharePoint Server on-premises 版本中的漏洞,攻击者可通过反序列化非受信数据,未经授权实现远程代码执行。

## 影响版本

受影响的为本地部署的 Microsoft SharePoint Server(具体版本尚未列出,需参考微软安全公告)。

## 细节

漏洞源于 SharePoint Server 在处理反序列化操作时未正确验证用户输入,导致攻击者可能通过网络发送特制数据以触发该问题,进而执行任意代码。

## 影响

攻击者可借此漏洞远程执行代码,可能导致系统被完全控制。微软确认该漏洞已有在野利用的 exploit 存在。

> ⚠️ **当前措施建议**:微软尚在开发完整补丁,用户应立即参照 CVE 文档中的建议应用相关的缓解措施。
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
Microsoft SharePoint Server Remote Code Execution Vulnerability
来源:美国国家漏洞数据库 NVD
漏洞描述信息
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
来源:美国国家漏洞数据库 NVD
漏洞类别
可信数据的反序列化
来源:美国国家漏洞数据库 NVD
漏洞标题
Microsoft SharePoint Server 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Microsoft SharePoint Server是美国微软(Microsoft)公司的一款协作平台。 Microsoft SharePoint Server存在安全漏洞,该漏洞源于反序列化不受信任数据,可能导致远程代码执行。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2025-53770 的公开POC
# POC 描述 源链接 神龙链接
1 Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-53770.yaml POC详情
2 Detects a persistent webshell named 'spinstall0.aspx' deployed on Microsoft SharePoint servers. This file exposes sensitive cryptographic machineKey values from the SharePoint configuration, indicating the presence of a ToolShell backdoor implant. This implant is linked to targeted post-auth RCE campaigns exploiting CVE-2025-53770. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/backdoor/sharepoint-toolshell-backdoor.yaml POC详情
3 CVE-2025-53770 https://github.com/B1ack4sh/Blackash-CVE-2025-53770 POC详情
4 A critical zero-day vulnerability CVE‑2025‑53770 has been actively exploited in the wild against on-premises Microsoft SharePoint Server. Dubbed "ToolShell," this exploit leverages a deserialization flaw (variant of CVE‑2025‑49706, CVSS: 6.3). https://github.com/RukshanaAlikhan/CVE-2025-53770 POC详情
5 None https://github.com/Bluefire-Redteam-Cybersecurity/bluefire-sharepoint-cve-2025-53770 POC详情
6 This PowerShell script detects indicators of compromise for CVE-2025-53770 — a critical RCE vulnerability in Microsoft SharePoint. Created by @n1chr0x and @BlackRazer67 https://github.com/n1chr0x/ZeroPoint POC详情
7 POC https://github.com/kaizensecurity/CVE-2025-53770 POC详情
8 A comprehensive security monitoring solution for SharePoint Server with specific protection against CVE-2025-53770 and other threats https://github.com/paolokappa/SharePointSecurityMonitor POC详情
9 SharePoint WebPart Injection Exploit Tool https://github.com/soltanali0/CVE-2025-53770-Exploit POC详情
10 Scanner for the SharePoint CVE-2025-53770 RCE zero day vulnerability. https://github.com/hazcod/CVE-2025-53770 POC详情
11 ToolShell scanner - CVE-2025-53770 and detection information https://github.com/ZephrFish/CVE-2025-53770-Scanner POC详情
12 Hunting for Critical SharePoint Vulnerability CVE-2025-53770 https://github.com/siag-itsec/CVE-2025-53770-Hunting POC详情
13 Comprueba si un servidor SharePoint on-premises es vulnerable a CVE-2025-53770 https://github.com/grupooruss/CVE-2025-53770-Checker POC详情
14 None https://github.com/tripoloski1337/CVE-2025-53770-scanner POC详情
15 A critical zero-auth RCE vulnerability in SharePoint (CVE-2025-53770), now exploited in the wild, building directly on the spoofing flaw CVE-2025-49706. https://github.com/AdityaBhatt3010/CVE-2025-53770-SharePoint-Zero-Day-Variant-Exploited-for-Full-RCE POC详情
16 CVE-2025-53770 – Vulnerability Research & Exploitation https://github.com/b33b0y/CVE-2025-53770 POC详情
17 None https://github.com/GreenForceNetwork/Toolshell_CVE-2025-53770 POC详情
18 None https://github.com/imbas007/CVE-2025-53770-Vulnerable-Scanner POC详情
19 A Python-based reconnaissance scanner for safely identifying potential exposure to SharePoint vulnerability CVE-2025-53770. https://github.com/Sec-Dan/CVE-2025-53770-Scanner POC详情
20 Unauthenticated Remote Code Execution via unsafe deserialization in Microsoft SharePoint Server (CVE-2025-53770) https://github.com/MuhammadWaseem29/CVE-2025-53770 POC详情
21 Exploit tool for SharePoint WebPart Injection via ToolPane.aspx, enabling .NET deserialization and remote code execution. 🛠️🔍 Secure your SharePoint now! https://github.com/bijikutu/CVE-2025-53770-Exploit POC详情
22 Explore the Microsoft SharePoint CVE-2025-53770 proof of concept. Learn about this vulnerability and its implications. 🐙💻 https://github.com/Lapesha/CVE-2025-53770 POC详情
23 Scanner for CVE-2025-53770, a SharePoint vulnerability. Check if your server is vulnerable and extract version info. 🛠️🔍 https://github.com/Hassanopop/CVE-2025-53770 POC详情
24 Identify exposure to the critical SharePoint vulnerability CVE-2025-53770 with this effective scanner tool. Secure your systems today! 🛡️🔍 https://github.com/m4r1x/CVE-2025-53770-Scanner POC详情
25 Exploit & research for CVE‑2025‑53770 – a zero‑day remote code execution vulnerability in Microsoft SharePoint (on‑premises). https://github.com/Kamal-Hegazi/CVE-2025-53770-SharePoint-RCE POC详情
26 A sophisticated, wizard-driven Python exploit tool targeting CVE-2025-53770, a critical (CVSS 9.8) unauthenticated remote code execution (RCE) vulnerability in on-premises Microsoft SharePoint Server (2016, 2019, Subscription Edition) https://github.com/exfil0/CVE-2025-53770 POC详情
27 Scans Windows IIS logs for signs of CVE-2025-53770 & CVE-2025-53771 https://github.com/zach115th/ToolShellFinder POC详情
28 Detection rules for CVE-2025-53770 https://github.com/nisargsuthar/suricata-rule-CVE-2025-53770 POC详情
29 None https://github.com/bharath-cyber-root/sharepoint-toolshell-cve-2025-53770 POC详情
30 Do you really think SharePoint is safe? https://github.com/Rabbitbong/OurSharePoint-CVE-2025-53770 POC详情
31 None https://github.com/Udyz/CVE-2025-53770-Exploit POC详情
32 Honeypot for CVE-2025-53770 aka ToolShell https://github.com/a-hydrae/ToolShell-Honeypot POC详情
33 Unauthenticated Remote Code Execution via unsafe deserialization in Microsoft SharePoint Server (CVE-2025-53770) https://github.com/0xray5c68616e37/cve-2025-53770 POC详情
34 None https://github.com/BirdsAreFlyingCameras/CVE-2025-53770_Raw-HTTP-Request-Generator POC详情
35 An activity to train analysis skills and reporting https://github.com/bossnick98/-SOC342---CVE-2025-53770-SharePoint-ToolShell-Auth-Bypass-and-RCE POC详情
36 CVE-2025-53770 Mass Scanner https://github.com/3a7/CVE-2025-53770 POC详情
37 None https://github.com/r3xbugbounty/CVE-2025-53770 POC详情
38 None https://github.com/daryllundy/CVE-2025-53770 POC详情
39 🎯 Vulnerability scanner for SharePoint servers affected by CVE-2025-53770. Detects unsafe deserialization using ToolPane.aspx with a crafted base64+gzip payload. 🛡️ Developed by Ahmed Tamer. https://github.com/0x-crypt/CVE-2025-53770-Scanner POC详情
40 None https://github.com/Immersive-Labs-Sec/SharePoint-CVE-2025-53770-POC POC详情
三、漏洞 CVE-2025-53770 的情报信息
四、漏洞 CVE-2025-53770 的评论

暂无评论

发表评论