Microsoft SharePoint Insecure Deserialization Vulnerability

Vulnerability Information

Vulnerability name: Microsoft SharePoint Insecure Deserialization Vulnerability

Vulnerability ID:

  • CVE: CVE-2025-53770

Vulnerability type: Deserialization

Severity: High

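Vulnerability description:

Affected product

Microsoft SharePoint is a widely used enterprise collaboration platform that supports document management, team collaboration and content sharing. It is usually deployed on internal corporate networks or in cloud environments to improve team productivity and information sharing. Because it is so widely deployed, SharePoint is an important target for attackers.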

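Vulnerability explanation

This vulnerability (CVE-2025-53770) is a deserialization flaw located in SharePoint's ToolPane.aspx endpoint. An attacker can trigger insecure deserialization by sending a specially crafted base64+gzip-encoded ViewState payload. The root cause is that SharePoint fails to properly validate and filter user input when processing ViewState data, which allows an attacker to have internal serialized objects reflected back and may lead to sensitive data disclosure or remote code execution (RCE).

Impact analysis

This vulnerability is rated high severity because it can lead to remote code execution or sensitive data disclosure. It can be exploited without authentication, and attackers can use automated tools to scan and attack at scale. Because SharePoint typically stores large amounts of sensitive enterprise data, successful exploitation can result in serious data leaks, service disruption, or even full compromise of the enterprise network. All organizations running SharePoint are therefore advised to check for and remediate this vulnerability as soon as possible to prevent potential security risks.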

Vendor: Microsoft

Product: SharePoint

Source: https://github.com/0x-crypt/CVE-2025-53770-Scanner

Type: CVE-2025:github search

Repository files

  • .gitignore
  • CVE-2025-53770_Scanner.py
  • LICENSE
  • README.md

Source overview

🛡️ CVE-2025-53770 SharePoint Vulnerability Scanner

A Python-based tool to detect vulnerable Microsoft SharePoint instances affected by CVE-2025-53770, an insecure deserialization vulnerability triggered via the ToolPane.aspx endpoint. The scanner sends a crafted, compressed ViewState payload to determine if the target leaks internal serialized objects.


🚀 Features

  • ✅ Detects SharePoint instances vulnerable to CVE-2025-53770
  • ✅ Supports scanning a single target or bulk URLs from a file
  • ✅ Uses a safe Scorecard:ExcelDataSet test payload
  • ✅ Decodes and decompresses reflected base64+gzip ViewState data
  • ✅ Minimal dependencies and works with standard tools (curl, base64, gzip)
  • ✅ Colored CLI output for easy identification

📖 CVE Details

  • CVE: CVE-2025-53770
  • Component: Microsoft SharePoint (ToolPane.aspx)
  • Vulnerability Type: Insecure Deserialization / Unsafe ViewState Reflection
  • Severity: High – May lead to sensitive data disclosure or remote code execution (RCE)
  • Test Marker: IntruderScannerDetectionPayload, ExcelDataSet, divWaiting, ProgressTemplate, Scorecard
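
The decode-and-match step named under Features, applied to the markers listed under Test Marker, can be run offline to triage HTTP response bodies captured from your own SharePoint servers. This is an added example, not code from the repository; the base64-run regex, the 1 MiB inflate cap and the constructed sample body are assumptions.

```python
import base64
import binascii
import gzip
import re
import zlib

# Marker strings listed under "Test Marker" on this page.
MARKERS = ("IntruderScannerDetectionPayload", "ExcelDataSet", "divWaiting",
           "ProgressTemplate", "Scorecard")
# Assumption: the reflected blob is a contiguous base64 run somewhere in the body.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
MAX_INFLATED = 1 << 20  # the body is untrusted, so cap inflated size (gzip bomb)


def gunzip_bounded(raw, limit=MAX_INFLATED):
    """Inflate one gzip stream; None if not gzip, corrupt, truncated or too big."""
    if raw[:2] != b"\x1f\x8b":  # gzip magic bytes
        return None
    inflater = zlib.decompressobj(wbits=zlib.MAX_WBITS | 16)
    try:
        out = inflater.decompress(raw, limit)
    except zlib.error:
        return None
    return out if inflater.eof else None  # no end of stream: over limit or truncated


def find_markers(body):
    """Return the sorted marker strings found in base64+gzip blobs inside body."""
    hits = set()
    for match in B64_RUN.finditer(body):
        try:
            raw = base64.b64decode(match.group(0), validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64 (for example, bad padding)
        text = gunzip_bounded(raw)
        if text is not None:
            hits.update(m for m in MARKERS if m.encode() in text)
    return sorted(hits)


def constructed_body(inner):
    """Constructed sample: an HTML fragment carrying gzip+base64 of `inner`."""
    blob = base64.b64encode(gzip.compress(inner)).decode()
    return '<div id="constructed-sample">' + blob + "</div>"


if __name__ == "__main__":
    print(find_markers(constructed_body(b"<Scorecard:ExcelDataSet ... />")))
```

A non-empty result for a response from one of your own hosts means the test markers were reflected back, which is the condition the scanner reports as vulnerable.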

🧑‍💻 Usage

```bash
# Scan a single SharePoint URL
python3 CVE-2025-53770_Scanner.py -u https://target.sharepoint.com

# Scan multiple URLs from a file
python3 CVE-2025-53770_Scanner.py -f targets.txt
```

**Example targets.txt file:**

```
https://intranet.company.com
https://sharepoint.university.edu
https://portal.corporate.net
```

📦 Requirements

  • Python 3.x
  • `curl`, `base64`, `gzip` installed and available in system path
  • Python module: `colorama`

Install the Python dependency:

```bash
pip install colorama
```

🔍 Sample Output

```
[>] Scanning: https://vulnerable.sharepoint.com
[VULNERABLE] https://vulnerable.sharepoint.com returned payload marker!
```

📝 License

This project is licensed under the MIT License.


👤 Author

Ahmed Tamer
Cybersecurity Researcher | Bug Hunter | Red Teamer


⚠️ Ethical Disclaimer

This tool is developed for educational and authorized security testing purposes only.
You are not allowed to use this tool against systems you do not own or lack explicit permission to test.
Misuse of this software may result in criminal charges — use responsibly and ethically.




Microsoft SharePoint Insecure Deserialization Vulnerability
http://example.com/2025/07/28/github_3117760559/
Author
lianccc
Published
July 28, 2025
License