CVE-2025-53770
Tags: CRITICAL, KEV, RANSOMWARE, NUCLEI
Microsoft SharePoint Server - Unauthenticated RCE via Deserialization of Untrusted Data
Exploitation Summary
CVE-2025-53770 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog (added July 20, 2025), with confirmed use in ransomware campaigns. It is a variant of the ToolPane deserialization flaw CVE-2025-49704 and is chained in the wild with the authentication bypass CVE-2025-49706 (and its bypass CVE-2025-53771), a chain publicly known as "ToolShell".
EIP tracks 50 public exploits from researchers including Agampreet Singh, soltanali0 and MuhammadWaseem29, among them the Metasploit module exploits/windows/http/sharepoint_toolpane_rce.
A Nuclei detection template is also available.
AI-analyzed exploit summary
This exploit leverages unsafe deserialization in SharePoint Server 2019's ToolPane.aspx via the Scorecard:ExcelDataSet control to achieve unauthenticated RCE. It extracts and decodes a compressed payload from the response.
Description
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
Exploits (50)
This exploit leverages unsafe deserialization in SharePoint Server 2019's ToolPane.aspx via the Scorecard:ExcelDataSet control to achieve unauthenticated RCE. It extracts and decodes a compressed payload from the response.
This repository contains a functional exploit for CVE-2025-53770, targeting a .NET deserialization vulnerability in Microsoft SharePoint via the ToolPane.aspx endpoint. The exploit includes a Python-based tool for injecting malicious WebParts and a .NET utility (YSLosf) for generating serialized payloads.
The repository provides a functional exploit PoC for CVE-2025-53770, demonstrating unauthenticated remote code execution via unsafe deserialization in Microsoft SharePoint Server. The PoC includes a crafted HTTP request with a malicious payload targeting a vulnerable endpoint, along with commands to decode and extract the payload.
This repository contains a scanner for CVE-2025-53770, a SharePoint unauthenticated RCE vulnerability. It checks for vulnerability by injecting a marker in the SharePoint ToolBox widget and detecting its presence in the server response.
The repository contains only a README with a disclaimer and an image link, lacking any technical details or exploit code. It appears to be a placeholder or lure without substantive content.
This repository contains a scanner for CVE-2025-53770, a deserialization vulnerability in SharePoint's ExcelDataSet component. The scanner detects vulnerable instances by analyzing responses to crafted POST requests and identifying machine key extraction patterns and secondary payload deployment.
The repository contains a Python script that scans for CVE-2025-53770, an unauthenticated RCE vulnerability in Microsoft SharePoint. It checks for specific headers and responses to determine if a target is vulnerable but does not include exploit code.
This repository provides a detailed technical analysis of CVE-2025-53770, an unauthenticated RCE vulnerability in Microsoft SharePoint, including root cause, attack flow, and mitigation strategies. It references real-world exploitation and connects it to CVE-2025-49706.
This repository contains a functional exploit for CVE-2025-53770, targeting a SharePoint ToolPane vulnerability that allows unauthenticated remote code execution via authentication bypass and unsafe deserialization. It includes Python-based exploit code, a scanner for vulnerable targets, and detailed analysis tools.
This repository contains a functional C# tool that generates a malicious .NET DataSet payload for CVE-2025-53770, a SharePoint deserialization vulnerability. The tool wraps a ysoserial.net-generated payload in a custom XML schema and diffgram, serializes it using BinaryFormatter, and outputs a GZipped Base64-encoded payload.
The repository contains a functional Python exploit tool for CVE-2025-53770, targeting unauthenticated RCE in Microsoft SharePoint Server via deserialization in `/_layouts/15/ToolPane.aspx`. It includes features for reconnaissance, payload generation, bypasses, and verification.
This repository contains detection and remediation scripts for CVE-2025-53770, a deserialization vulnerability in Microsoft SharePoint Server. It includes PowerShell scripts to detect vulnerable versions, check for patches, and remediate by enabling AMSI and rotating MachineKeys.
This repository contains a functional C# tool that generates a malicious .NET DataSet payload for CVE-2025-53770, leveraging a LosFormatter deserialization gadget chain. The tool wraps a ysoserial.net payload in a custom XML schema and diffgram, serializes it, and outputs a GZipped Base64-encoded payload for exploitation.
This repository contains a Python-based scanner for detecting potential exposure to CVE-2025-53770, a critical SharePoint vulnerability. The tool performs subdomain enumeration and checks for signs of vulnerability without exploiting it.
This repository provides a detailed technical advisory for CVE-2025-53770, a critical remote code execution vulnerability in Microsoft SharePoint Server due to deserialization of untrusted data. It includes vulnerability details, impact analysis, mitigation steps, and references to official resources.
This repository provides a detailed postmortem analysis of the 'ToolShell' campaign targeting Microsoft SharePoint Server (on-prem) via CVE-2025-53770, including detection hunts, communication templates, and technical breakdowns of the attack flow. It emphasizes deserialization abuse, webshell deployment, and lateral movement techniques.
This repository contains PowerShell scripts and workflows for a SharePoint security monitoring tool, focusing on modular architecture and demonstration of security monitoring capabilities. It does not contain exploit code but provides detailed technical documentation and scripts for security monitoring.
This repository contains a Python-based scanner for detecting CVE-2025-53770 in SharePoint hosts. It uses custom payloads and detection rules to identify vulnerable systems, routing traffic through Burp Suite for analysis.
The repository contains a Python script designed to scan for CVE-2025-53770 by checking the availability of a specific SharePoint endpoint. It does not include exploit code but verifies the presence of a vulnerable endpoint.
This repository contains a detailed technical presentation and analysis of CVE-2025-53770, a critical SharePoint vulnerability. It includes slides covering the attack vector, technical workflow, mitigation steps, and lessons learned, but no functional exploit code.
This repository provides a detailed incident analysis of CVE-2025-53770, documenting the exploitation chain, including RCE, webshell deployment, and credential extraction in SharePoint. It includes IOCs, MITRE ATT&CK mappings, and a timeline but lacks functional exploit code.
This repository contains a scanner for CVE-2025-53770, an unauthenticated SharePoint RCE vulnerability. It checks for vulnerability by injecting a harmless marker and detecting its presence in the server response, without executing malicious payloads.
This repository contains a PowerShell script designed to scan IIS logs for indicators of compromise (IoCs) related to CVE-2025-53770 and CVE-2025-53771 in Microsoft SharePoint. It does not exploit the vulnerabilities but detects potential exploitation attempts by analyzing log patterns.
This repository contains a detailed technical analysis of CVE-2025-53770, a SharePoint zero-day vulnerability (ToolShell) that allows unauthenticated RCE via crafted POST requests to ToolPane.aspx. The writeup includes forensic steps, containment actions, and a breakdown of the attack process, but does not include functional exploit code.
This repository provides a detailed technical analysis of CVE-2025-53770, a critical SharePoint vulnerability involving unauthenticated RCE via insecure deserialization and MachineKey abuse. It includes attack chain breakdown, endpoint analysis, and IoCs but lacks functional exploit code.
This repository contains detection scripts for identifying systems vulnerable to CVE-2025-53770, a deserialization vulnerability. It includes both PowerShell and Python implementations for scanning networks and generating structured JSON reports.
This repository contains a functional exploit for CVE-2025-53770, targeting SharePoint Server 2019 via a deserialization vulnerability in the ToolPane.aspx endpoint. The exploit constructs a multi-stage payload involving base64 encoding, gzip compression, and PowerShell execution to achieve remote code execution (RCE).
This repository contains a functional proof-of-concept exploit for CVE-2025-53770, a critical deserialization vulnerability in Microsoft SharePoint Server. The exploit demonstrates remote code execution by leveraging insecure deserialization and an authentication bypass via HTTP header manipulation.
This repository provides a detailed technical analysis of CVE-2025-53770, a critical deserialization vulnerability in Microsoft SharePoint Server. It includes an attack breakdown, PowerShell payload analysis, and forensic steps taken during a LetsDefend lab exercise.
This repository contains a bash script that checks for the presence of CVE-2025-53770, a SharePoint deserialization vulnerability, by sending a crafted payload to the target endpoint and verifying the response. It does not execute arbitrary code but confirms vulnerability by detecting a specific string in the response.
This repository contains a functional exploit for CVE-2025-53770, demonstrating unauthenticated RCE in Microsoft SharePoint Server 2019 via unsafe .NET deserialization in the `Scorecard:ExcelDataSet` control within `ToolPane.aspx`. The exploit sends a crafted payload to trigger deserialization and extracts the response for analysis.
This repository contains a functional exploit for CVE-2025-53770, a critical deserialization vulnerability in Microsoft SharePoint Server. The PoC demonstrates unauthenticated remote code execution by sending a crafted POST request with a malicious payload embedded in the 'MSOTlPn_DWP' parameter.
This repository is a Docker-based honeypot designed to detect and log exploitation attempts against Microsoft SharePoint vulnerabilities, including CVE-2025-53770. It does not contain exploit code but provides advanced detection mechanisms such as YARA rules, tag-based classification, and payload analysis.
The repository contains a Python-based scanner for detecting CVE-2025-53770, an insecure deserialization vulnerability in Microsoft SharePoint. It sends a crafted payload to the `ToolPane.aspx` endpoint and checks for specific markers in the response to determine vulnerability.
This repository contains a Python-based scanner for detecting CVE-2025-53770, an insecure deserialization vulnerability in Microsoft SharePoint. The tool sends a crafted payload to the `ToolPane.aspx` endpoint and checks for specific markers in the response to identify vulnerable instances.
This repository contains a functional exploit for CVE-2025-53770, targeting SharePoint via a crafted POST request to ToolPane.aspx. The exploit leverages a deserialization vulnerability in the ExcelDataSet component to achieve remote code execution (RCE).
This repository provides a detailed technical analysis of CVE-2025-53770, a deserialization vulnerability in Microsoft SharePoint Server. It includes an investigation of the exploit chain, MITRE ATT&CK techniques, and indicators of compromise (IoCs), but does not contain functional exploit code.
This PoC exploits a deserialization vulnerability in Microsoft SharePoint (CVE-2025-53770) by crafting a malicious HTTP request that delivers a base64-encoded PowerShell payload. The payload writes an ASPX file to a SharePoint directory, achieving remote code execution (RCE).
This repository provides a functional exploit for CVE-2025-53770, leveraging a deserialization vulnerability in SharePoint to achieve remote code execution (RCE). The exploit uses ysoserial.exe to generate a malicious ViewState payload, which is then sent via a crafted POST request to execute arbitrary commands on the target server.
This repository contains Suricata detection rules for identifying exploitation attempts of CVE-2025-53770, a SharePoint RCE vulnerability. The rules target specific HTTP request patterns associated with the exploit but do not include functional exploit code.
This repository provides a detailed technical analysis of CVE-2025-53770, a critical RCE vulnerability in Microsoft SharePoint Server. It explains the exploit chain involving authentication bypass and unsafe deserialization, along with remediation steps.
The repository provides a functional exploit PoC for CVE-2025-53770, demonstrating unauthenticated RCE in Microsoft SharePoint Server via unsafe deserialization. The PoC includes a curl command to trigger the vulnerability and extract a malicious payload.
This repository contains a functional exploit for CVE-2025-53770, targeting SharePoint via ViewState manipulation to upload a webshell and achieve remote code execution (RCE). The exploit leverages crafted __VIEWSTATE, __VIEWSTATEGENERATOR, and __EVENTVALIDATION parameters to bypass validation and deploy a malicious ASPX shell.
This repository contains a Python script designed to detect the presence of CVE-2025-53770, a critical .NET deserialization vulnerability in SharePoint Server, by checking version numbers and testing for deserialization errors. It does not include exploit code but provides a non-intrusive detection mechanism.
This PowerShell script scans for indicators of compromise related to CVE-2025-53770 in Microsoft SharePoint Server, including suspicious .aspx files, ULS log entries, and security settings like AMSI and Microsoft Defender. It does not exploit the vulnerability but provides detection and optional mitigation steps.
This PowerShell script scans for indicators of compromise related to CVE-2025-53770 in Microsoft SharePoint Server, including suspicious .aspx files, ULS log entries, and security settings like AMSI and Microsoft Defender. It does not exploit the vulnerability but provides detection and optional mitigation steps.
This repository provides a detailed technical analysis of CVE-2025-53770, a critical RCE vulnerability in Microsoft SharePoint Server due to insecure deserialization of ViewState data. It includes root cause analysis, exploitation steps, detection methods, and mitigation strategies.
This Metasploit module exploits a chain of vulnerabilities (CVE-2025-49704, CVE-2025-49706, CVE-2025-53771) in Microsoft SharePoint Server to achieve unauthenticated remote code execution via unsafe deserialization and authentication bypass. It uses a crafted gadget chain involving DataSet, LosFormatter, and TypeConfuseDelegate to execute arbitrary commands.
This repository contains a functional exploit for CVE-2025-53770, targeting SharePoint via ViewState manipulation to upload a webshell and achieve remote code execution (RCE). The exploit leverages crafted __VIEWSTATE, __VIEWSTATEGENERATOR, and __EVENTVALIDATION parameters to bypass validation and deploy a malicious ASPX shell.
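Several entries above describe log-based hunting for this CVE (the PowerShell IIS-log IoC scanner, the ULS/.aspx sweep, the Suricata rules) without showing the matching logic. The script below is an added example written for this page, not code from any repository listed here. It parses IIS W3C extended log records (a constructed sample, not a real capture) and flags the two request patterns Microsoft's guidance ties to ToolShell exploitation: a POST to /_layouts/15/ToolPane.aspx?DisplayMode=Edit whose Referer is /_layouts/SignOut.aspx, and any request for the spinstall0.aspx web shell that dumps the MachineKey. Widening the spinstall pattern to `spinstall[0-9a-z]*.aspx` for renamed variants is an assumption, and the Finding type and function names are mine.

```python
import re
from dataclasses import dataclass

# Constructed sample of a SharePoint front-end IIS W3C log (not a real capture).
# Spaces inside field values are '+' encoded, as IIS writes them.
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2025-07-19 00:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2025-07-19 03:12:44 10.0.0.5 GET /_layouts/15/start.aspx - 443 CONTOSO\alice 10.0.0.23 Mozilla/5.0 - 200 0 0 120
2025-07-19 03:13:01 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit&a=/ToolPane.aspx 443 - 203.0.113.7 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64) https://sharepoint.contoso.example/_layouts/SignOut.aspx 200 0 0 433
2025-07-19 03:13:02 10.0.0.5 GET /_layouts/15/spinstall0.aspx - 443 - 203.0.113.7 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64) - 200 0 0 15
2025-07-19 03:20:10 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit 443 CONTOSO\bob 10.0.0.24 Mozilla/5.0 https://sharepoint.contoso.example/sites/hr/_layouts/15/start.aspx 200 0 0 88
2025-07-19 03:25:33 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit 443 - 198.51.100.9 python-requests/2.32.3 - 200 0 0 210
"""

# Request patterns associated with ToolShell exploitation. The spinstall pattern
# is widened beyond spinstall0.aspx to catch renamed variants (assumption).
TOOLPANE = re.compile(r"/_layouts/(?:\d+/)?toolpane\.aspx$", re.I)
SPINSTALL = re.compile(r"/_layouts/(?:\d+/)?spinstall[0-9a-z]*\.aspx$", re.I)
SIGNOUT_REFERER = re.compile(r"/_layouts/(?:\d+/)?signout\.aspx", re.I)


@dataclass
class Finding:
    line_no: int
    severity: str
    rule: str
    client_ip: str
    request: str


def parse_iis_w3c(text):
    """Yield (line number, field dict) per record, mapping columns via the #Fields header."""
    fields = None
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            continue  # data before any #Fields header: cannot map columns
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed or truncated record
        yield n, dict(zip(fields, values))


def scan_iis_log(text):
    """Return Findings for ToolShell-style requests, in log order."""
    findings = []
    for n, rec in parse_iis_w3c(text):
        method = rec.get("cs-method", "-").upper()
        stem = rec.get("cs-uri-stem", "-")
        query = rec.get("cs-uri-query", "-")
        referer = rec.get("cs(Referer)", "-")
        user = rec.get("cs-username", "-")
        ip = rec.get("c-ip", "-")
        request = f"{method} {stem}" + ("" if query == "-" else f"?{query}")

        if SPINSTALL.search(stem):
            # Post-exploitation: the MachineKey-dumping web shell being fetched.
            findings.append(Finding(n, "high", "spinstall web shell request", ip, request))
        elif method == "POST" and TOOLPANE.search(stem):
            if SIGNOUT_REFERER.search(referer):
                # Auth-bypass signature: ToolPane edit POST with a SignOut referer.
                findings.append(Finding(n, "high", "ToolPane POST with SignOut referer", ip, request))
            elif user == "-" and "displaymode=edit" in query.lower():
                # Weaker signal: ToolPane edit by an unauthenticated client.
                findings.append(Finding(n, "medium", "anonymous ToolPane edit POST", ip, request))
    return findings


def suspect_ips(findings):
    """Client IPs with at least one high-severity hit, for blocking or pivoting."""
    return sorted({f.client_ip for f in findings if f.severity == "high"})


if __name__ == "__main__":
    hits = scan_iis_log(SAMPLE_LOG)
    for f in hits:
        print(f"line {f.line_no}: [{f.severity}] {f.rule} from {f.client_ip}: {f.request}")
    print("suspect IPs:", suspect_ips(hits))
```

Run it against real logs by reading each u_ex*.log file under the SharePoint site's IIS log directory and passing its contents to scan_iis_log. An authenticated editor legitimately POSTs to ToolPane.aspx (the CONTOSO\bob record), so the unauthenticated-edit rule is deliberately rated medium; the SignOut referer and any spinstall request are the high-confidence indicators.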
Nuclei Templates (1)
http.component:"sharepoint"
Scores
CVSS 3.1 base score: 9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H