SharePoint Deserialization Remote Code Execution Vulnerability
Vulnerability information
Vulnerability name: SharePoint Deserialization Remote Code Execution Vulnerability
Vulnerability ID:
- CVE: CVE-2025-53770
Vulnerability type: Deserialization
Severity: High
Vulnerability description: Affected product: SharePoint is an enterprise collaboration platform from Microsoft, widely used for document management, team collaboration and content management. It supports information sharing both inside and outside the enterprise and is a common infrastructure component in organizations. Because it is so widely deployed, the security of SharePoint is critical to enterprise information security.
Vulnerability explanation: This is a deserialization remote code execution (RCE) vulnerability in SharePoint. An attacker can craft malicious serialized data and abuse the deserialization step SharePoint performs when processing that data to execute arbitrary code. The technical root cause is that SharePoint fails to adequately validate and sanitize user-supplied data for certain input types, which results in an unsafe deserialization operation.
Impact analysis: This vulnerability allows an attacker to execute arbitrary code remotely without authorization, potentially leading to full server compromise, data leakage or service disruption. Because the exploit chain has been made public, attackers can build payloads relatively easily, which raises the risk of exploitation. Exploitation also requires no user interaction and can be automated, which further increases its danger. Organizations should immediately assess the security of their SharePoint deployments and apply the relevant patches or mitigations to prevent attacks.
Vendor: Microsoft
Product: SharePoint
Source: https://github.com/Immersive-Labs-Sec/SharePoint-CVE-2025-53770-POC
Type: CVE-2025:github search
Repository files
- OurSharePoint.sln
- OurSharePoint
- README.md
Source overview
OurSharePoint - CVE-2025-53770 (PoC)
This is a simple C# tool that builds a GZipped, Base64-encoded .NET DataSet payload using a LosFormatter-encoded inner payload. It’s designed to help reproduce the SharePoint deserialization RCE chain described in public research.
What it does
You give it a Base64-encoded payload (like one from ysoserial.net), and it:
- Wraps it inside a valid .NET DataSet with a custom XML schema + diffgram
- Serializes the result using BinaryFormatter
- GZips the serialized blob
- Base64-encodes the result and writes it to a .b64 file
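The layering described above (Base64 on the outside, then GZip, then a BinaryFormatter stream carrying a DataSet with an XML schema and diffgram) is also what a defender has to recognise when triaging suspicious request parameters. The following Python is an added example, not code from the PoC repository: it peels the outer Base64 and GZip layers with a decompression cap, checks for the fixed SerializationHeaderRecord that opens every .NET BinaryFormatter stream, and looks for the DataSet and diffgram strings such a stream carries. The three sample inputs are constructed stand-ins that only mimic the layering; they are not serialized DataSets or real payloads.

```python
import base64
import gzip
import zlib

# Fixed byte sequences used as detection heuristics.
GZIP_MAGIC = b"\x1f\x8b"
# SerializationHeaderRecord that opens every .NET BinaryFormatter stream:
# record type 0, rootId 1, headerId -1, major version 1, minor version 0.
BINARYFORMATTER_HEADER = (
    b"\x00\x01\x00\x00\x00\xff\xff\xff\xff\x01\x00\x00\x00\x00\x00\x00\x00"
)
# Strings a BinaryFormatter-serialized DataSet with an XML schema + diffgram carries.
DATASET_MARKERS = (b"System.Data.DataSet", b"diffgram")

# Cap on decompressed size so a decompression bomb cannot stall triage.
MAX_DECOMPRESSED = 4 * 1024 * 1024


def inspect_blob(b64_text: str) -> dict:
    """Return findings for one Base64 string captured from a request parameter.

    Keys: base64, gzip, binaryformatter (bools), dataset_markers (list of
    marker strings found), suspicious (bool), decompressed_len (only when gzip).
    """
    findings = {
        "base64": False,
        "gzip": False,
        "binaryformatter": False,
        "dataset_markers": [],
        "suspicious": False,
    }
    try:
        raw = base64.b64decode(b64_text, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return findings
    findings["base64"] = True

    if not raw.startswith(GZIP_MAGIC):
        return findings
    findings["gzip"] = True

    # wbits 16 + MAX_WBITS selects gzip framing; max_length bounds the output.
    decomp = zlib.decompressobj(16 + zlib.MAX_WBITS)
    inner = decomp.decompress(raw, MAX_DECOMPRESSED)
    findings["decompressed_len"] = len(inner)

    findings["binaryformatter"] = inner.startswith(BINARYFORMATTER_HEADER)
    findings["dataset_markers"] = [m.decode() for m in DATASET_MARKERS if m in inner]
    # Heuristic: a BinaryFormatter stream that names a DataSet / diffgram is
    # exactly the shape the PoC tool emits, so flag it for analyst review.
    findings["suspicious"] = findings["binaryformatter"] and bool(findings["dataset_markers"])
    return findings


def build_sample(inner: bytes) -> str:
    """Constructed test input only: apply the GZip-then-Base64 outer layers."""
    return base64.b64encode(gzip.compress(inner)).decode()


# Constructed samples (not real serialized objects): a stand-in that mimics the
# layering, a plain XML diffgram with no BinaryFormatter header, and a non-gzip blob.
SAMPLE_SUSPICIOUS = build_sample(
    BINARYFORMATTER_HEADER + b"\x0cSystem.Data.DataSet <diffgr:diffgram/> placeholder"
)
SAMPLE_BENIGN = build_sample(b"<diffgr:diffgram>plain xml, no binary header</diffgr:diffgram>")
SAMPLE_NOT_GZIP = base64.b64encode(b"hello").decode()


if __name__ == "__main__":
    for label, sample in (
        ("suspicious", SAMPLE_SUSPICIOUS),
        ("benign", SAMPLE_BENIGN),
        ("not-gzip", SAMPLE_NOT_GZIP),
    ):
        print(label, inspect_blob(sample))
```

The header bytes and the GZip magic are the only fixed signatures; everything else is a heuristic, so treat a positive result as a reason to pull the request for analysis rather than as proof of exploitation.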
References
- https://research.eye.security/sharepoint-under-siege/
- https://github.com/rapid7/metasploit-framework/pull/20409/commits
Usage
First, generate your payload using ysoserial.net:
Then run this tool:
This will generate:
- exploit.bin - a raw serialized DataSet
- exploit.b64 - final GZipped and Base64-encoded payload that's ready for use
Also, if you don't specify --a, --b, or --c, the tool generates random lowercase names.
Notes
This tool does not validate or inspect the payload you give it.
If you're testing locally and deserialize manually, it may execute (e.g., pop calc).