24 matches found
Microsoft SharePoint Server - Authentication Bypass (ToolShell)
Microsoft Office SharePoint Server contains an improper authentication vulnerability that allows unauthorized attackers to perform spoofing over a network. By crafting a POST request to /layouts/15/ToolPane.aspx with a forged Referer header /layouts/SignOut.aspx, attackers can bypass authenticati...
Microsoft SharePoint Server - Remote Code Execution (ToolShell)
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. This vulnerability is part of the ToolShell exploit chain and when combined with CVE-2025-53771 authentication bypass, enables unauthenticated remote code...
The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction
You can't control when the next critical vulnerability drops. You can control how much of your environment is exposed when it does. The problem is that most teams have more internet-facing exposure than they realise. Intruder's Head of Security digs into why this happens and how teams can manage ...
About Remote Code Execution – Microsoft SharePoint “ToolShell” (CVE-2025-49704) vulnerability
About Remote Code Execution - Microsoft SharePoint "ToolShell" CVE-2025-49704 vulnerability. This vulnerability is from the Microsoft's July Patch Tuesday. SharePoint is a web application developed by Microsoft for corporate intranet portals, document management, and collaborative work...
IR Trends Q3 2025: ToolShell attacks dominate, highlighting criticality of segmentation and rapid response
Threat actors predominately exploited public-facing applications for initial access this quarter, with this tactic appearing in over 60 percent of Cisco Talos Incident Response Talos IR engagements - a notable increase from less than 10 percent last quarter. This spike is largely attributable to ...
Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft's July Patch
Threat actors with ties to China exploited the ToolShell security vulnerability in Microsoft SharePoint to breach a telecommunications company in the Middle East after it was publicly disclosed and patched in July 2025. Also targeted were government departments in an African country, as well as...
Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks
Threat actors are abusing Velociraptor, an open-source digital forensics and incident response DFIR tool, in connection with ransomware attacks likely orchestrated by Storm-2603 aka CL-CRI-1040 or Gold Salem, which is known for deploying the Warlock and LockBit ransomware. The threat actor's use ...
Exploit for Deserialization of Untrusted Data in Microsoft
ToolShell-CVE-2025-53770-SharePoint-Exploit-Lab-LetsDefend TL...
UPDATE: Microsoft Releases Guidance on Exploitation of SharePoint Vulnerabilities
Update 08/06/2025: CISA released a Malware Analysis Report MAR on six files related to CVE-2025-49704link is external, CVE-2025-49706link is external, CVE-2025-53770link is external, and CVE-2025-53771link is external. For more information see MAR-251132.c1.v1 Exploitation of SharePoint...
CISA Releases Malware Analysis Report Associated with Microsoft SharePoint Vulnerabilities
CISA published a Malware Analysis Report MAR with analysis and associated detection signatures on files related to Microsoft SharePoint vulnerabilities: CVE-2025-49704link is external CWE-94: Code Injectionlink is external, CVE-2025-49706link is external CWE-287: Improper Authenticationlink is...
Exploit for Deserialization of Untrusted Data in Microsoft
SOC342---CVE-2025-53770-SharePoint-ToolShell-Auth-Bypass-and-R...
Exploit for Deserialization of Untrusted Data in Microsoft
CVE-2025-53770 - Zero-day exploitation in the wild of Microsof...
ToolShell: a story of five vulnerabilities in Microsoft SharePoint
On July 19–20, 2025, various security companies and national CERTs published alerts about active exploitation of on-premise SharePoint servers. According to the reports, observed attacks did not require authentication, allowed attackers to gain full control over the infected servers, and were...
Exploit for Deserialization of Untrusted Data in Microsoft
SharePoint "ToolShell" RCE Exploit CVE-2025-53770 Overvi...
Exploit for Deserialization of Untrusted Data in Microsoft
suricata-rule-CVE-2025-53770 Detection rules for CVE-2025-5377...
PT-2025-30612 · Undefined · Undefined
💥 UPDATE We now have a reliable vulnerable detection method check-based for CVE-2025-35770. 📌 Nearly 500 unique IP addresses are vulnerable, counting numerous governmental organizations. SharePoint ToolShell https://t.co/Rle2igcE3X...
Critical SharePoint Vulnerabilities Under Active Exploitation
Critical SharePoint Vulnerabilities Under Active Exploitation By Jeffrey Sman, Mo Cashman and Marc Bolz Robinson · July 23, 2025 On-premises Microsoft SharePoint servers are currently facing high-impact, ongoing threat activity due to a set of critical vulnerabilities, notably CVE-2025-49704,...
About Remote Code Execution – Microsoft SharePoint Server “ToolShell” (CVE-2025-53770) vulnerability
About Remote Code Execution - Microsoft SharePoint Server "ToolShell" CVE-2025-53770 vulnerability. SharePoint is a web application developed by Microsoft for corporate intranet portals, document management, and collaborative work. A flaw in the deserialization mechanism of an on-premises...
PT-2025-30603 · Undefined · Undefined
ParsedReport CompletenessLow 22-07-2025 CVE-202553770/TOOLSHELL: HUNTING DOWN THE ATTACKER TECHNIQUES &VICTIMS https://theravenfile.com/2025/07/22/cve-2025-53770-toolshell-hunting-down-the-attacker-techniques-victims/ Report completeness: Low Actors/Campaigns: Arcanedoor Threats: Toolshell vuln...
ToolShell Zero-day: Microsoft Rushes Emergency Patch for Actively Exploited SharePoint Vulnerabilities
On July 19, 2025, Microsoft issued an emergency out-of-band security update to address two zero-day vulnerabilities in Microsoft SharePoint Server: CVE-2025-53770 and CVE-2025-53771. These vulnerabilities are under active exploitation in the wild and demand immediate attention to protect your...