CVE-2025-53770

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS 9.8 CRITICAL | EPSS 100.0% | KEV | CWE-502
In summary

Microsoft SharePoint Server has a critical flaw in which it processes untrusted data insecurely, allowing attackers to execute malicious code remotely without authorization. This is a serious security problem because it can be exploited over the internet to take full control of affected servers.

Technical detail

CVE-2025-53770 is an insecure deserialization vulnerability (CWE-502) in on-premises Microsoft SharePoint Server that allows unauthenticated remote code execution. Attackers can exploit it by sending specially crafted network requests containing malicious serialized objects; the server deserializes untrusted input without proper validation, resulting in arbitrary code execution with server privileges. Active exploitation in the wild has been reported.

Summary generated and translated by AI from the official description.
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:W/RC:C
Public PoCs found: 45
github  github.com/soltanali0/CVE-2025-53770-Exploit  310
github  github.com/MuhammadWaseem29/CVE-2025-53770  58
github  github.com/hazcod/CVE-2025-53770  45
github  github.com/kaizensecurity/CVE-2025-53770  43
github  github.com/ZephrFish/CVE-2025-53770-Scanner  18
github  github.com/3a7/CVE-2025-53770  15
github  github.com/AdityaBhatt3010/CVE-2025-53770-SharePoint-Zero-Day-Variant-Exploited-for-Full-RCE  11
github  github.com/exfil0/CVE-2025-53770  5
github  github.com/Immersive-Labs-Sec/SharePoint-CVE-2025-53770-POC  4
github  github.com/saladin0x1/CVE-2025-53770  4
github  github.com/Bluefire-Redteam-Cybersecurity/bluefire-sharepoint-cve-2025-53770  3
github  github.com/Sec-Dan/CVE-2025-53770-Scanner  2
github  github.com/Rabbitbong/OurSharePoint-CVE-2025-53770  2
github  github.com/harryhaxor/CVE-2025-53770-SharePoint-Deserialization-RCE-PoC  1
github  github.com/imbas007/CVE-2025-53770-Vulnerable-Scanner  1
github  github.com/paolokappa/SharePointSecurityMonitor  1
github  github.com/Cameloo1/sharepoint-toolshell-micro-postmortem  1
github  github.com/tripoloski1337/CVE-2025-53770-scanner  1
github  github.com/grupooruss/CVE-2025-53770-Checker  1
github  github.com/Zedocun/SharePoint-ToolShell-CVE-2025-53770-Incident-Analysis  1
github  github.com/Udyz/CVE-2025-53770-Exploit  1
github  github.com/J4ck3LSyN-Gen2/CVE-2025-53770  0
github  github.com/doerrdan/it-sec-toolshell  0
github  github.com/CyprianAtsyor/ToolShell-CVE-2025-53770-SharePoint-Exploit-Lab-LetsDefend  0
github  github.com/RukshanaAlikhan/CVE-2025-53770  0
github  github.com/yosasasutsut/Blackash-CVE-2025-53770  0
github  github.com/gmh5225/ZeroPoint  0
github  github.com/siag-itsec/CVE-2025-53770-Hunting  0
github  github.com/GreenForceNetworks/Toolshell_CVE-2025-53770  0
github  github.com/0xray5c68616e37/cve-2025-53770  0
github  github.com/zach115th/ToolShellFinder  0
github  github.com/nisargsuthar/suricata-rule-CVE-2025-53770  0
github  github.com/bharath-cyber-root/sharepoint-toolshell-cve-2025-53770  0
github  github.com/bitsalv/ToolShell-Honeypot  0
github  github.com/BirdsAreFlyingCameras/CVE-2025-53770_Raw-HTTP-Request-Generator  0
github  github.com/bossnick98/-SOC342---CVE-2025-53770-SharePoint-ToolShell-Auth-Bypass-and-RCE  0
github  github.com/r3xbugbounty/CVE-2025-53770  0
github  github.com/daryllundy/CVE-2025-53770  0
github  github.com/0xisfet/CVE-2025-53770-Scanner  0
github  github.com/Agampreet-Singh/CVE-2025-53770  0
github  github.com/ghostn4444/CVE-2025-53770  0
github  github.com/Michaael01/LetsDefend--SOC-342-CVE-2025-53770-SharePoint-Exploit-ToolShell  0
github  github.com/victormbogu1/LetsDefend-SOC342-CVE-2025-53770-SharePoint-ToolShell-Auth-Bypass-andRCE-EventID-320  0
github  github.com/rbctee/CVE-2025-53770  0
exploitdb  www.exploit-db.com/exploits/52405  not verified
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
