CVE-2025-53770

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS 9.8 CRITICAL | EPSS 100.0% | KEV | CWE-502
In brief

Microsoft SharePoint Server has a critical flaw in which it processes untrusted data insecurely, allowing attackers to execute malicious code remotely without authorization. This is a serious security problem because it can be exploited over the internet to take full control of affected servers.

Technical detail

CVE-2025-53770 is an insecure deserialization vulnerability (CWE-502) in on-premises Microsoft SharePoint Server that allows remote code execution without authentication. Attackers can exploit it by sending crafted network requests containing malicious serialized objects; the server deserializes untrusted input without proper validation, resulting in arbitrary code execution with server privileges. Active exploitation has been reported in the wild.

Summary generated and translated by AI from the official description.
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:W/RC:C
Public PoCs found: 45

github | github.com/soltanali0/CVE-2025-53770-Exploit | 310
github | github.com/MuhammadWaseem29/CVE-2025-53770 | 58
github | github.com/hazcod/CVE-2025-53770 | 45
github | github.com/kaizensecurity/CVE-2025-53770 | 43
github | github.com/ZephrFish/CVE-2025-53770-Scanner | 18
github | github.com/3a7/CVE-2025-53770 | 15
github | github.com/AdityaBhatt3010/CVE-2025-53770-SharePoint-Zero-Day-Variant-Exploited-for-Full-RCE | 11
github | github.com/exfil0/CVE-2025-53770 | 5
github | github.com/Immersive-Labs-Sec/SharePoint-CVE-2025-53770-POC | 4
github | github.com/saladin0x1/CVE-2025-53770 | 4
github | github.com/Bluefire-Redteam-Cybersecurity/bluefire-sharepoint-cve-2025-53770 | 3
github | github.com/Sec-Dan/CVE-2025-53770-Scanner | 2
github | github.com/Rabbitbong/OurSharePoint-CVE-2025-53770 | 2
github | github.com/harryhaxor/CVE-2025-53770-SharePoint-Deserialization-RCE-PoC | 1
github | github.com/imbas007/CVE-2025-53770-Vulnerable-Scanner | 1
github | github.com/paolokappa/SharePointSecurityMonitor | 1
github | github.com/Cameloo1/sharepoint-toolshell-micro-postmortem | 1
github | github.com/tripoloski1337/CVE-2025-53770-scanner | 1
github | github.com/grupooruss/CVE-2025-53770-Checker | 1
github | github.com/Zedocun/SharePoint-ToolShell-CVE-2025-53770-Incident-Analysis | 1
github | github.com/Udyz/CVE-2025-53770-Exploit | 1
github | github.com/J4ck3LSyN-Gen2/CVE-2025-53770 | 0
github | github.com/doerrdan/it-sec-toolshell | 0
github | github.com/CyprianAtsyor/ToolShell-CVE-2025-53770-SharePoint-Exploit-Lab-LetsDefend | 0
github | github.com/RukshanaAlikhan/CVE-2025-53770 | 0
github | github.com/yosasasutsut/Blackash-CVE-2025-53770 | 0
github | github.com/gmh5225/ZeroPoint | 0
github | github.com/siag-itsec/CVE-2025-53770-Hunting | 0
github | github.com/GreenForceNetworks/Toolshell_CVE-2025-53770 | 0
github | github.com/0xray5c68616e37/cve-2025-53770 | 0
github | github.com/zach115th/ToolShellFinder | 0
github | github.com/nisargsuthar/suricata-rule-CVE-2025-53770 | 0
github | github.com/bharath-cyber-root/sharepoint-toolshell-cve-2025-53770 | 0
github | github.com/bitsalv/ToolShell-Honeypot | 0
github | github.com/BirdsAreFlyingCameras/CVE-2025-53770_Raw-HTTP-Request-Generator | 0
github | github.com/bossnick98/-SOC342---CVE-2025-53770-SharePoint-ToolShell-Auth-Bypass-and-RCE | 0
github | github.com/r3xbugbounty/CVE-2025-53770 | 0
github | github.com/daryllundy/CVE-2025-53770 | 0
github | github.com/0xisfet/CVE-2025-53770-Scanner | 0
github | github.com/Agampreet-Singh/CVE-2025-53770 | 0
github | github.com/ghostn4444/CVE-2025-53770 | 0
github | github.com/Michaael01/LetsDefend--SOC-342-CVE-2025-53770-SharePoint-Exploit-ToolShell | 0
github | github.com/victormbogu1/LetsDefend-SOC342-CVE-2025-53770-SharePoint-ToolShell-Auth-Bypass-andRCE-EventID-320 | 0
github | github.com/rbctee/CVE-2025-53770 | 0
exploitdb | www.exploit-db.com/exploits/52405 | not verified
⚠ Public resources, for you to assess the exposure of systems you control or are authorized to test. Test only with authorization.
