CVE-2025-53770 · CISA KEV: Actively Exploited

Microsoft SharePoint Deserialization of Untrusted Data Vulnerability

Published Jul 20, 2025 · Updated Jul 20, 2025

Description

Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-53771. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.

Public Exploits & PoCs · 47 found

PoC: CVE-2025-53770-Exploit

SharePoint WebPart Injection Exploit Tool

13

PoC: CVE-2025-53770

CVE-2025-53770 Mass Scanner

2

PoC: CVE-2025-53770-SharePoint-RCE

Exploit & research for CVE‑2025‑53770 – a zero‑day remote code execution vulnerability in Microsoft SharePoint (on‑premises).

1

PoC: OurSharePoint-CVE-2025-53770

Do you really think SharePoint is safe?

1

PoC: CVE-2025-53770-SharePoint-RCE

Exploit & research write‑up for CVE‑2025‑53770 – a zero‑day remote code execution vulnerability in Microsoft SharePoint (on‑premises).

1

PoC: CVE-2025-53770-Scanner

A Python-based reconnaissance scanner for safely identifying potential exposure to SharePoint vulnerability CVE-2025-53770.

1

PoC: CVE-2025-53770

CVE-2025-53770 – Vulnerability Research & Exploitation

1

PoC: CVE-2025-53770-SharePoint-Zero-Day-Variant-Exploited-for-Full-RCE

A critical zero-auth RCE vulnerability in SharePoint (CVE-2025-53770), now exploited in the wild, building directly on the spoofing flaw CVE-2025-49706.

1

PoC: CVE-2025-53770-Scanner

ToolShell scanner - CVE-2025-53770 and detection information

1

PoC: CVE-2025-53770

Scanner for the SharePoint CVE-2025-53770 RCE zero day vulnerability.

1

PoC: CVE-2025-53770

POC

1

PoC: it-sec-toolshell

A Marp slide deck about CVE-2025-53770

PoC: SharePoint-ToolShell-CVE-2025-53770-Incident-Analysis

Technical analysis of a SharePoint ToolShell (CVE-2025-53770) exploitation attempt involving RCE, webshell deployment, and MachineKey extraction.

PoC: CVE-2025-53770

Lab & PoC

PoC: CVE-2025-53770

Scanner for the SharePoint CVE-2025-53770 RCE zero day vulnerability (fork from hazcod/CVE-2025-53770)

PoC: sharepoint-toolshell-micro-postmortem

Reproducible incident micro-postmortem for on-prem Microsoft SharePoint “ToolShell” (CVE-2025-53770): ATT&CK snapshot, “logs that matter” table, three hunts (KQL/SPL/Sigma), first-4-hours comms, sample data, and figures. Built for fast triage; no org data; SharePoint Online out of scope.

PoC: CVE-2025-53770-Scanner

🔍 Scan for potential exposure to the critical SharePoint vulnerability CVE-2025-53770 with this simple and effective tool for authorized testing.

PoC: sharepoint-CVE-2025-53770

CVE-2025-53770 lab environment

PoC: CVE-2025-53770

CVE-2025-53770 - SharePoint

PoC: CVE-2025-53770-SharePoint-Deserialization-RCE-PoC

A critical vulnerability in Microsoft SharePoint Server allows unauthenticated remote code execution via deserialization of untrusted data. Microsoft is aware of active exploitation; apply CVE mitigations immediately. Severity: Critical.

PoC: CVE-2025-53770-Scanner

🎯 Vulnerability scanner for SharePoint servers affected by CVE-2025-53770. Detects unsafe deserialization using ToolPane.aspx with a crafted base64+gzip payload. 🛡️ Developed by Ahmed Tamer.

PoC: CVE-2025-53770

Tools for detecting and assessing systems vulnerable to CVE-2025-53770 (CWE-502: Deserialization of Untrusted Data).

PoC: -SOC342---CVE-2025-53770-SharePoint-ToolShell-Auth-Bypass-and-RCE

An activity to train analysis skills and reporting

PoC: sharepoint-toolpane

Sharepoint ToolPane - CVE-2025-53770 & CVE-2025-53771

PoC: CVE-2025-53770_Raw-HTTP-Request-Generator

Just a quick script I cooked up to exploit CVE-2025-53770

PoC: ToolShell-Honeypot

Honeypot for CVE-2025-53770 aka ToolShell

PoC: cve-2025-53770-

?

PoC: suricata-rule-CVE-2025-53770

Detection rules for CVE-2025-53770

PoC: ToolShellFinder

Scans Windows IIS logs for signs of CVE-2025-53770 & CVE-2025-53771

PoC: CVE-2025-53770

A sophisticated, wizard-driven Python exploit tool targeting CVE-2025-53770, a critical (CVSS 9.8) unauthenticated remote code execution (RCE) vulnerability in on-premises Microsoft SharePoint Server (2016, 2019, Subscription Edition)

PoC: CVE-2025-53770-Scanner

Identify exposure to the critical SharePoint vulnerability CVE-2025-53770 with this effective scanner tool. Secure your systems today! 🛡️🔍

PoC: CVE-2025-53770

Scanner for CVE-2025-53770, a SharePoint vulnerability. Check if your server is vulnerable and extract version info. 🛠️🔍

PoC: CVE-2025-53770

Explore the Microsoft SharePoint CVE-2025-53770 proof of concept. Learn about this vulnerability and its implications. 🐙💻

PoC: CVE-2025-53770-Exploit

Exploit tool for SharePoint WebPart Injection via ToolPane.aspx, enabling .NET deserialization and remote code execution. 🛠️🔍 Secure your SharePoint now!

PoC: cve-2025-53770

Unauthenticated Remote Code Execution via unsafe deserialization in Microsoft SharePoint Server (CVE-2025-53770)

PoC: CVE-2025-53770

Unauthenticated Remote Code Execution via unsafe deserialization in Microsoft SharePoint Server (CVE-2025-53770)

PoC: ToolShell-Honeypot

Honeypot for CVE-2025-53770 aka ToolShell

PoC: CVE-2025-53770-Checker

Checks whether an on-premises SharePoint server is vulnerable to CVE-2025-53770

PoC: CVE-2025-53770-Hunting

Hunting for Critical SharePoint Vulnerability CVE-2025-53770

PoC: ZeroPoint

This PowerShell script detects indicators of compromise for CVE-2025-53770 — a critical RCE vulnerability in Microsoft SharePoint. Created by @n1chr0x and @BlackRazer67

PoC: SharePointSecurityMonitor

A comprehensive security monitoring solution for SharePoint Server with specific protection against CVE-2025-53770 and other threats

PoC: Blackash-CVE-2025-53770

CVE-2025-53770

PoC: Zeropoint

This PowerShell script detects indicators of compromise for CVE-2025-53770 — a critical RCE vulnerability in Microsoft SharePoint. Created by @n1chr0x and @BlackRazer67

PoC: CVE-2025-53770

A critical zero-day vulnerability CVE‑2025‑53770 has been actively exploited in the wild against on-premises Microsoft SharePoint Server. Dubbed "ToolShell," this exploit leverages a deserialization flaw (variant of CVE‑2025‑49706, CVSS: 6.3).

PoC: Blackash-CVE-2025-53770

CVE-2025-53770

PoC: CVE-2025-53770-Exploit

🛠️ Exploit Microsoft SharePoint WebPart Injection vulnerabilities for .NET deserialization and remote code execution using ToolPane.aspx.

PoC: CVE-2025-53770

🔍 Explore Microsoft SharePoint CVE-2025-53770 with this proof of concept for educational use, emphasizing security insights in authorized environments.
