Lucene search
K

24 matches found

Nuclei
Nuclei
added 2026/06/22 5:20 a.m.21 views

Microsoft SharePoint Server - Authentication Bypass (ToolShell)

Microsoft Office SharePoint Server contains an improper authentication vulnerability that allows unauthorized attackers to perform spoofing over a network. By crafting a POST request to /layouts/15/ToolPane.aspx with a forged Referer header /layouts/SignOut.aspx, attackers can bypass authenticati...

9.8CVSS7.7AI score0.99982EPSS
Exploits41References5
Nuclei
Nuclei
added 2026/06/22 5:20 a.m.22 views

Microsoft SharePoint Server - Remote Code Execution (ToolShell)

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. This vulnerability is part of the ToolShell exploit chain and when combined with CVE-2025-53771 authentication bypass, enables unauthenticated remote code...

9.8CVSS7.7AI score0.99982EPSS
Exploits41References4
The Hacker News
The Hacker News
added 2026/03/10 11:0 a.m.11 views

The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction

You can't control when the next critical vulnerability drops. You can control how much of your environment is exposed when it does. The problem is that most teams have more internet-facing exposure than they realise. Intruder's Head of Security digs into why this happens and how teams can manage ...

6.4AI score
Exploits0
Information Security Automation
Information Security Automation
added 2025/11/13 1:56 p.m.13 views

About Remote Code Execution – Microsoft SharePoint “ToolShell” (CVE-2025-49704) vulnerability

About Remote Code Execution - Microsoft SharePoint "ToolShell" CVE-2025-49704 vulnerability. This vulnerability is from the Microsoft's July Patch Tuesday. SharePoint is a web application developed by Microsoft for corporate intranet portals, document management, and collaborative work...

9.8CVSS8.3AI score0.99982EPSS
Exploits41
Talos Blog
Talos Blog
added 2025/10/23 10:0 a.m.15 views

IR Trends Q3 2025: ToolShell attacks dominate, highlighting criticality of segmentation and rapid response

Threat actors predominately exploited public-facing applications for initial access this quarter, with this tactic appearing in over 60 percent of Cisco Talos Incident Response Talos IR engagements - a notable increase from less than 10 percent last quarter. This spike is largely attributable to ...

9.8CVSS9.7AI score0.99982EPSS
Exploits43
The Hacker News
The Hacker News
added 2025/10/22 12:56 p.m.14 views

Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft's July Patch

Threat actors with ties to China exploited the ToolShell security vulnerability in Microsoft SharePoint to breach a telecommunications company in the Middle East after it was publicly disclosed and patched in July 2025. Also targeted were government departments in an African country, as well as...

9.8CVSS9.7AI score0.99982EPSS
Exploits45
The Hacker News
The Hacker News
added 2025/10/11 1:4 p.m.7 views

Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks

Threat actors are abusing Velociraptor, an open-source digital forensics and incident response DFIR tool, in connection with ransomware attacks likely orchestrated by Storm-2603 aka CL-CRI-1040 or Gold Salem, which is known for deploying the Warlock and LockBit ransomware. The threat actor's use ...

5.5CVSS7.3AI score0.00963EPSS
Exploits2
GithubExploit
GithubExploit
added 2025/08/13 12:52 p.m.111 views

Exploit for Deserialization of Untrusted Data in Microsoft

ToolShell-CVE-2025-53770-SharePoint-Exploit-Lab-LetsDefend TL...

9.8CVSS10AI score0.99982EPSS
Exploits41
CISA
CISA
added 2025/08/06 12:0 p.m.10 views

CISA Releases Malware Analysis Report Associated with Microsoft SharePoint Vulnerabilities

CISA published a Malware Analysis Report MAR with analysis and associated detection signatures on files related to Microsoft SharePoint vulnerabilities: CVE-2025-49704link is external CWE-94: Code Injectionlink is external, CVE-2025-49706link is external CWE-287: Improper Authenticationlink is...

9.8CVSS7.7AI score0.99982EPSS
In wildExploits41References14
CISA
CISA
added 2025/08/06 12:0 p.m.11 views

UPDATE: Microsoft Releases Guidance on Exploitation of SharePoint Vulnerabilities

Update 08/06/2025: CISA released a Malware Analysis Report MAR on six files related to CVE-2025-49704link is external, CVE-2025-49706link is external, CVE-2025-53770link is external, and CVE-2025-53771link is external. For more information see MAR-251132.c1.v1 Exploitation of SharePoint...

8.8CVSS8.2AI score0.99907EPSS
In wildExploits9References24
GithubExploit
GithubExploit
added 2025/07/27 1:58 p.m.124 views

Exploit for Deserialization of Untrusted Data in Microsoft

SOC342---CVE-2025-53770-SharePoint-ToolShell-Auth-Bypass-and-R...

9.8CVSS8.2AI score0.99982EPSS
Exploits41
GithubExploit
GithubExploit
added 2025/07/25 8:43 p.m.559 views

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2025-53770 - Zero-day exploitation in the wild of Microsof...

9.8CVSS9.4AI score0.99982EPSS
Exploits41
Securelist
Securelist
added 2025/07/25 7:0 a.m.12 views

ToolShell: a story of five vulnerabilities in Microsoft SharePoint

On July 19–20, 2025, various security companies and national CERTs published alerts about active exploitation of on-premise SharePoint servers. According to the reports, observed attacks did not require authentication, allowed attackers to gain full control over the infected servers, and were...

9.8CVSS9AI score0.99982EPSS
Exploits51
GithubExploit
GithubExploit
added 2025/07/24 4:19 p.m.102 views

Exploit for Deserialization of Untrusted Data in Microsoft

SharePoint "ToolShell" RCE Exploit CVE-2025-53770 Overvi...

9.8CVSS9.3AI score0.99982EPSS
Exploits41
GithubExploit
GithubExploit
added 2025/07/24 1:14 a.m.258 views

Exploit for Deserialization of Untrusted Data in Microsoft

suricata-rule-CVE-2025-53770 Detection rules for CVE-2025-5377...

9.8CVSS9AI score0.99982EPSS
Exploits41
Positive Technologies
Positive Technologies
added 2025/07/23 12:0 a.m.2 views

PT-2025-30612 · Undefined · Undefined

💥 UPDATE We now have a reliable vulnerable detection method check-based for CVE-2025-35770. 📌 Nearly 500 unique IP addresses are vulnerable, counting numerous governmental organizations. SharePoint ToolShell https://t.co/Rle2igcE3X...

6.9AI score
Exploits0References2
Trellix
Trellix
added 2025/07/23 12:0 a.m.12 views

Critical SharePoint Vulnerabilities Under Active Exploitation

Critical SharePoint Vulnerabilities Under Active Exploitation By Jeffrey Sman, Mo Cashman and Marc Bolz Robinson · July 23, 2025 On-premises Microsoft SharePoint servers are currently facing high-impact, ongoing threat activity due to a set of critical vulnerabilities, notably CVE-2025-49704,...

9.8CVSS10AI score0.99982EPSS
Exploits41
Information Security Automation
Information Security Automation
added 2025/07/22 3:18 p.m.14 views

About Remote Code Execution – Microsoft SharePoint Server “ToolShell” (CVE-2025-53770) vulnerability

About Remote Code Execution - Microsoft SharePoint Server "ToolShell" CVE-2025-53770 vulnerability. SharePoint is a web application developed by Microsoft for corporate intranet portals, document management, and collaborative work. A flaw in the deserialization mechanism of an on-premises...

9.8CVSS8.7AI score0.99982EPSS
Exploits41
Positive Technologies
Positive Technologies
added 2025/07/22 12:0 a.m.12 views

PT-2025-30603 · Undefined · Undefined

ParsedReport CompletenessLow 22-07-2025 CVE-202553770/TOOLSHELL: HUNTING DOWN THE ATTACKER TECHNIQUES &VICTIMS https://theravenfile.com/2025/07/22/cve-2025-53770-toolshell-hunting-down-the-attacker-techniques-victims/ Report completeness: Low Actors/Campaigns: Arcanedoor Threats: Toolshell vuln...

9.8CVSS8.6AI score0.99982EPSS
Exploits41References1
Qualys Blog
Qualys Blog
added 2025/07/21 10:3 p.m.42 views

ToolShell Zero-day: Microsoft Rushes Emergency Patch for Actively Exploited SharePoint Vulnerabilities

On July 19, 2025, Microsoft issued an emergency out-of-band security update to address two zero-day vulnerabilities in Microsoft SharePoint Server: CVE-2025-53770 and CVE-2025-53771. These vulnerabilities are under active exploitation in the wild and demand immediate attention to protect your...

9.8CVSS10AI score0.99982EPSS
Exploits41
Rows per page
Query Builder