Viettel Cyber Security - Security Researcher - Exploit Intelligence Platform

CVE-2025-53771 METASPLOIT MEDIUM ruby WORKING POC

Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution (aka ToolShell)

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

CVSS 6.5

View Code

CVE-2025-53770 METASPLOIT CRITICAL ruby WORKING POC

Microsoft SharePoint Server - Code Injection

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.

CVSS 9.8

View Code

CVE-2025-49704 METASPLOIT HIGH ruby WORKING POC

Microsoft SharePoint Server - Remote Code Execution

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS 8.8

View Code

CVE-2025-49706 METASPLOIT MEDIUM ruby WORKING POC

Microsoft SharePoint Enterprise Server - Improper Authentication

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

CVSS 6.5

View Code