来源

关联漏洞

介绍

# CVE-2025-53770 – Microsoft SharePoint Server 2019 Unauthenticated RCE via Deserialization

![CVE-2025-53770](https://img.shields.io/badge/CVE-2025--53770-critical-red)
![RCE](https://img.shields.io/badge/exploit-RCE-blue)
![Status](https://img.shields.io/badge/status-verified-success)

> **Exploit Author:** [Agampreet Singh](https://github.com/Agampreet-Singh)  
> **Tool:** RedRoot (https://github.com/Agampreet-Singh/RedRoot)  
> **Date:** August 7, 2025  
> **Tested On:** SharePoint Server 2019 (v16.0.10383.20020) on Windows Server 2019  
> **CVE-ID:** [CVE-2025-53770](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53770)  
> **Vulnerability Type:** Unauthenticated Remote Code Execution (RCE)  
> **Attack Vector:** Unsafe .NET deserialization via `Scorecard:ExcelDataSet` in `ToolPane.aspx`

---

## 🧠 Summary

An unauthenticated remote code execution vulnerability was discovered in **Microsoft SharePoint Server 2019**, specifically within the `ToolPane.aspx` endpoint. This flaw arises from unsafe deserialization of the `Scorecard:ExcelDataSet` control, which allows attackers to inject a GZip-compressed and Base64-encoded .NET object that gets deserialized server-side, leading to arbitrary code execution.

---

---

## ⚙️ Affected Version

- Microsoft SharePoint Server 2019  
  Version: `16.0.10383.20020`

---

## 💥 Exploitation

### Prerequisites

- No authentication required
- Target must be running a vulnerable SharePoint version
- Python 3.x

### Exploit Usage

```bash
python3 cve-2025-53770.py https://target-sharepoint.com

文件快照

 [4.0K]  /data/pocs/0882537aa9d1d3539c68d2df8949e050bd5f0484
├── [4.0K]  cve-2025-53770.py
└── [1.5K]  README.md

0 directories, 2 files

备注