Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-53771. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.
PoC: CVE-2025-53770-Exploit
SharePoint WebPart Injection Exploit Tool
PoC: CVE-2025-53770
CVE-2025-53770 Mass Scanner
PoC: CVE-2025-53770-SharePoint-RCE
Exploit & research for CVE‑2025‑53770 – a zero‑day remote code execution vulnerability in Microsoft SharePoint (on‑premises).
PoC: OurSharePoint-CVE-2025-53770
Do you really think SharePoint is safe?
PoC: CVE-2025-53770-SharePoint-RCE
Exploit & research write‑up for CVE‑2025‑53770 – a zero‑day remote code execution vulnerability in Microsoft SharePoint (on‑premises).
PoC: CVE-2025-53770-Scanner
A Python-based reconnaissance scanner for safely identifying potential exposure to SharePoint vulnerability CVE-2025-53770.
PoC: CVE-2025-53770
CVE-2025-53770 – Vulnerability Research & Exploitation
PoC: CVE-2025-53770-SharePoint-Zero-Day-Variant-Exploited-for-Full-RCE
A critical zero-auth RCE vulnerability in SharePoint (CVE-2025-53770), now exploited in the wild, building directly on the spoofing flaw CVE-2025-49706.
PoC: CVE-2025-53770-Scanner
ToolShell scanner - CVE-2025-53770 and detection information
PoC: CVE-2025-53770
Scanner for the SharePoint CVE-2025-53770 RCE zero day vulnerability.
PoC: CVE-2025-53770
POC
PoC: it-sec-toolshell
A Marp slide deck about CVE-2025-53770
PoC: SharePoint-ToolShell-CVE-2025-53770-Incident-Analysis
Technical analysis of a SharePoint ToolShell (CVE-2025-53770) exploitation attempt involving RCE, webshell deployment, and MachineKey extraction.
PoC: CVE-2025-53770
Lab & PoC
PoC: CVE-2025-53770
Scanner for the SharePoint CVE-2025-53770 RCE zero day vulnerability (fork from hazcod/CVE-2025-53770)
PoC: sharepoint-toolshell-micro-postmortem
Reproducible incident micro-postmortem for on-prem Microsoft SharePoint “ToolShell” (CVE-2025-53770): ATT&CK snapshot, “logs that matter” table, three hunts (KQL/SPL/Sigma), first-4-hours comms, sample data, and figures. Built for fast triage; no org data; SharePoint Online out of scope.
PoC: CVE-2025-53770-Scanner
🔍 Scan for potential exposure to the critical SharePoint vulnerability CVE-2025-53770 with this simple and effective tool for authorized testing.
PoC: sharepoint-CVE-2025-53770
CVE-2025-53770 实验环境
PoC: CVE-2025-53770
CVE-2025-53770 - SharePoint
PoC: CVE-2025-53770-SharePoint-Deserialization-RCE-PoC
A critical vulnerability in Microsoft SharePoint Server allows unauthenticated remote code execution via deserialization of untrusted data. Microsoft is aware of active exploitation; apply CVE mitigations immediately. Severity: Critical.
PoC: CVE-2025-53770-Scanner
🎯 Vulnerability scanner for SharePoint servers affected by CVE-2025-53770. Detects unsafe deserialization using ToolPane.aspx with a crafted base64+gzip payload. 🛡️ Developed by Ahmed Tamer.
PoC: CVE-2025-53770
Tools for detecting and assessing systems vulnerable to CVE-2025-53770 (CWE-502: Deserialization of Untrusted Data).
PoC: -SOC342---CVE-2025-53770-SharePoint-ToolShell-Auth-Bypass-and-RCE
An activity to train analysis skills and reporting
PoC: sharepoint-toolpane
Sharepoint ToolPane - CVE-2025-53770 & CVE-2025-53771
PoC: CVE-2025-53770_Raw-HTTP-Request-Generator
Just a quick script I cooked up to exploit CVE-2025-53770
PoC: ToolShell-Honeypot
Honeypot for CVE-2025-53770 aka ToolShell
PoC: cve-2025-53770-
?
PoC: suricata-rule-CVE-2025-53770
Detection rules for CVE-2025-53770
PoC: ToolShellFinder
Scans Windows IIS logs for signs of CVE-2025-53770 & CVE-2025-53771
PoC: CVE-2025-53770
A sophisticated, wizard-driven Python exploit tool targeting CVE-2025-53770, a critical (CVSS 9.8) unauthenticated remote code execution (RCE) vulnerability in on-premises Microsoft SharePoint Server (2016, 2019, Subscription Edition)
PoC: CVE-2025-53770-Scanner
Identify exposure to the critical SharePoint vulnerability CVE-2025-53770 with this effective scanner tool. Secure your systems today! 🛡️🔍
PoC: CVE-2025-53770
Scanner for CVE-2025-53770, a SharePoint vulnerability. Check if your server is vulnerable and extract version info. 🛠️🔍
PoC: CVE-2025-53770
Explore the Microsoft SharePoint CVE-2025-53770 proof of concept. Learn about this vulnerability and its implications. 🐙💻
PoC: CVE-2025-53770-Exploit
Exploit tool for SharePoint WebPart Injection via ToolPane.aspx, enabling .NET deserialization and remote code execution. 🛠️🔍 Secure your SharePoint now!
PoC: cve-2025-53770
Unauthenticated Remote Code Execution via unsafe deserialization in Microsoft SharePoint Server (CVE-2025-53770)
PoC: CVE-2025-53770
Unauthenticated Remote Code Execution via unsafe deserialization in Microsoft SharePoint Server (CVE-2025-53770)
PoC: ToolShell-Honeypot
Honeypot for CVE-2025-53770 aka ToolShell
PoC: CVE-2025-53770-Checker
Comprueba si un servidor SharePoint on-premises es vulnerable a CVE-2025-53770
PoC: CVE-2025-53770-Hunting
Hunting for Critical SharePoint Vulnerability CVE-2025-53770
PoC: ZeroPoint
This PowerShell script detects indicators of compromise for CVE-2025-53770 — a critical RCE vulnerability in Microsoft SharePoint. Created by @n1chr0x and @BlackRazer67
PoC: SharePointSecurityMonitor
A comprehensive security monitoring solution for SharePoint Server with specific protection against CVE-2025-53770 and other threats
PoC: Blackash-CVE-2025-53770
CVE-2025-53770
PoC: Zeropoint
This PowerShell script detects indicators of compromise for CVE-2025-53770 — a critical RCE vulnerability in Microsoft SharePoint. Created by @n1chr0x and @BlackRazer67
PoC: CVE-2025-53770
A critical zero-day vulnerability CVE‑2025‑53770 has been actively exploited in the wild against on-premises Microsoft SharePoint Server. Dubbed "ToolShell," this exploit leverages a deserialization flaw (variant of CVE‑2025‑49706, CVSS: 6.3).
PoC: Blackash-CVE-2025-53770
CVE-2025-53770
PoC: CVE-2025-53770-Exploit
🛠️ Exploit Microsoft SharePoint WebPart Injection vulnerabilities for .NET deserialization and remote code execution using ToolPane.aspx.
PoC: CVE-2025-53770
🔍 Explore Microsoft SharePoint CVE-2025-53770 with this proof of concept for educational use, emphasizing security insights in authorized environments.
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free