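Vulnerability description: Microsoft SharePoint Server is a widely used enterprise collaboration platform that supports document management, content management, social networking and other functions, and is commonly used for information sharing and team collaboration inside enterprises. The product is widely deployed worldwide, especially in large enterprises and organizations. The vulnerability found here is a deserialization flaw: an attacker can send specially crafted serialized data to the target server over the network and exploit a defect in how the server processes that data to achieve remote code execution. The root cause is that the server does not adequately validate and filter untrusted serialized data when processing it, which allows an attacker to construct malicious data that triggers code execution. Because the vulnerability can be exploited over the network by an unauthenticated attacker and public exploit code exists, it is rated critical. After successful exploitation, an attacker can take full control of the affected SharePoint server, execute arbitrary code, access sensitive data, and even move further into the internal network. Microsoft is aware that this vulnerability is being exploited in the wild and is preparing a comprehensive update to fix it. Until then, users are advised to apply the temporary mitigations provided in the CVE documentation to avoid being attacked.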
info:
  name: Microsoft SharePoint Server - Remote Code Execution
  author: SamIntruder
  severity: critical
  description: |
    Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
  impact: |
    Unauthenticated attackers can exploit unsafe deserialization to achieve remote code execution on SharePoint Server, leading to full system compromise.
  remediation: |
    Apply the latest security patches from Microsoft or implement the temporary mitigations provided in the CVE documentation until a comprehensive update is available.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-53770
    - https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
    - https://github.com/hazcod/CVE-2025-53770/blob/main/pkg/payload/test_payload.go
    - https://x.com/codewhitesec/status/1944743478350557232
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-53770
    cwe-id: CWE-502
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.component:"sharepoint"
  tags: cve,cve2025,kev,sharepoint,rce,microsoft