SharePoint Remote Code Execution Vulnerability

Vulnerability Information

Vulnerability name: SharePoint Remote Code Execution Vulnerability

Vulnerability ID:

  • CVE: CVE-2025-53770

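Vulnerability type: Command execution

Severity: High

Description: This vulnerability affects Microsoft SharePoint, a platform widely used for enterprise collaboration and document management. As an enterprise service, SharePoint supports team collaboration, content management, business process automation and related functions, and is an important tool for information sharing and collaboration inside an organization. The vulnerability allows an attacker to execute code remotely without authentication and is classified as command execution. Its technical root cause is insufficient input validation in the SharePoint ToolBox widget, which an attacker can exploit by injecting a specific marker. If the attack succeeds, the attacker can execute arbitrary code on the target system, which may lead to data leakage, service disruption or other malicious activity. Because exploitation requires no authentication and can be automated, the vulnerability poses a serious security threat to organizations running affected versions of SharePoint.

Vendor: Microsoft

Product: SharePoint

Source: https://github.com/hazcod/CVE-2025-53770

Type: CVE-2025:github search

Repository files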

  • README.md
  • cmd
  • go.mod
  • go.sum
  • pkg

Source overview

CVE-2025-53770

This is a scanner for the SharePoint unauthenticated Remote Code Execution vulnerability, assigned CVE number CVE-2025-53770.

Use at your own risk, I am not responsible for any negative impact this might cause.

How does it work?

It tries to exploit the vulnerability by injecting a marker in the SharePoint ToolBox widget.
If in the response this unharmful marker is found, the host is marked as vulnerable.

How to use

## check if <TARGET-HOSTNAME> is vulnerable and try to extract version information
% go run ./cmd/... <TARGET-HOSTNAME>
INFO[0000] set log level fields.level=info
INFO[0000] starting scanner targets=1
INFO[0001] detected SharePoint version target=<REDACTED> version="MicrosoftSharePointTeamServices: 16.0.0.5469\n"
WARN[0001] target is vulnerable target=<REDACTED>

## turn on debug logging and try retrieving SharePoint version information
% go run ./cmd/... -log=debug -version <TARGET-HOSTNAME>
...
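
When the scanner is run against an inventory of hosts, the log lines shown above can be folded into one record per target for patch triage. This is an added example, not code from the scanner's repository; it assumes the text log format seen in the sample output, and `ParseScanLog`, `Finding` and the hostnames are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Finding is the per-target summary (hypothetical type for this example).
type Finding struct{ Version string; Vulnerable bool }
// sampleLog is constructed from the line shapes in the README output; hostnames are placeholders.
const sampleLog = `INFO[0000] starting scanner targets=2
INFO[0001] detected SharePoint version target=sp1.example.test version="MicrosoftSharePointTeamServices: 16.0.0.5469\n"
WARN[0001] target is vulnerable target=sp1.example.test
INFO[0002] detected SharePoint version target=sp2.example.test version="MicrosoftSharePointTeamServices: 16.0.0.5469\n"`
// fieldRe matches text-format fields: key=bare or key="quoted value".
var fieldRe = regexp.MustCompile(`(\w[\w.]*)=("(?:[^"\\]|\\.)*"|\S+)`)

// ParseScanLog groups version and vulnerable lines by their target= field.
func ParseScanLog(log string) map[string]Finding {
	out := map[string]Finding{}
	for _, line := range strings.Split(log, "\n") {
		fields := map[string]string{}
		for _, m := range fieldRe.FindAllStringSubmatch(line, -1) {
			fields[m[1]] = m[2]
			if u, err := strconv.Unquote(m[2]); err == nil {
				fields[m[1]] = u // decode escapes such as the trailing \n in version=
			}
		}
		target, ok := fields["target"]
		if !ok {
			continue // startup lines carry no per-host result
		}
		f := out[target] // zero value for a target not seen yet
		if v, ok := fields["version"]; ok {
			f.Version = strings.TrimSpace(strings.TrimPrefix(v, "MicrosoftSharePointTeamServices:"))
		}
		f.Vulnerable = f.Vulnerable || (strings.HasPrefix(line, "WARN") && strings.Contains(line, "target is vulnerable"))
		out[target] = f
	}
	return out
}

func main() {
	for target, f := range ParseScanLog(sampleLog) {
		fmt.Printf("%s version=%s vulnerable=%t\n", target, f.Version, f.Vulnerable)
	}
}
```

Only the two line shapes visible in the README output are recognized; a target with no WARN line is reported as not flagged, which is not the same as confirmed patched.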

http://example.com/2025/07/21/github_66151495/
Author: lianccc
Published: July 21, 2025