Exploit for Deserialization of Untrusted Data in Microsoft_CC794B3A-AEAA-5702-835E-CDE940323175

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

# CVE-2025-53770 – Microsoft SharePoint Server 2019 Unauthenticated RCE via Deserialization

![CVE-2025-53770](https://img.shields.io/badge/CVE-2025--53770-critical-red)
![RCE](https://img.shields.io/badge/exploit-RCE-blue)
![Status](https://img.shields.io/badge/status-verified-success)

> **Exploit Author:** [Agampreet Singh](https://github.com/Agampreet-Singh)
> **Tool:** RedRoot (https://github.com/Agampreet-Singh/RedRoot)
> **Date:** August 7, 2025
> **Tested On:** SharePoint Server 2019 (v16.0.10383.20020) on Windows Server 2019
> **CVE-ID:** [CVE-2025-53770](https://vulners.com/cve/CVE-2025-53770)
> **Vulnerability Type:** Unauthenticated Remote Code Execution (RCE)
> **Attack Vector:** Unsafe .NET deserialization via `Scorecard:ExcelDataSet` in `ToolPane.aspx`

---

## 🧠 Summary

An unauthenticated remote code execution vulnerability was discovered in **Microsoft SharePoint Server 2019**, specifically within the `ToolPane.aspx` endpoint. This flaw arises from unsafe deserialization of the `Scorecard:ExcelDataSet` control, which allows attackers to inject a GZip-compressed and Base64-encoded .NET object that gets deserialized server-side, leading to arbitrary code execution.

---

---

## ⚙️ Affected Version

- Microsoft SharePoint Server 2019
Version: `16.0.10383.20020`

---

## 💥 Exploitation

### Prerequisites

- No authentication required
- Target must be running a vulnerable SharePoint version
- Python 3.x

### Exploit Usage

```bash
python3 cve-2025-53770.py https://target-sharepoint.com

Visit Original Source

Basic Information

ID CC794B3A-AEAA-5702-835E-CDE940323175

Published Aug 7, 2025 at 15:14

Modified Aug 7, 2025 at 15:17

{
    "lastseen": "2025-08-13T08:36:43",
    "description": "# CVE-2025-53770 \u2013 Microsoft SharePoint Server 2019 Unauthenticated RCE via Deserialization\n\n![CVE-2025-53770](https://img.shields.io/badge/CVE-2025--53770-critical-red)\n![RCE](https://img.shields.io/badge/exploit-RCE-blue)\n![Status](https://img.shields.io/badge/status-verified-success)\n\n> **Exploit Author:** [Agampreet Singh](https://github.com/Agampreet-Singh)  \n> **Tool:** RedRoot (https://github.com/Agampreet-Singh/RedRoot)  \n> **Date:** August 7, 2025  \n> **Tested On:** SharePoint Server 2019 (v16.0.10383.20020) on Windows Server 2019  \n> **CVE-ID:** [CVE-2025-53770](https://vulners.com/cve/CVE-2025-53770)  \n> **Vulnerability Type:** Unauthenticated Remote Code Execution (RCE)  \n> **Attack Vector:** Unsafe .NET deserialization via `Scorecard:ExcelDataSet` in `ToolPane.aspx`\n\n---\n\n## \ud83e\udde0 Summary\n\nAn unauthenticated remote code execution vulnerability was discovered in **Microsoft SharePoint Server 2019**, specifically within the `ToolPane.aspx` endpoint. This flaw arises from unsafe deserialization of the `Scorecard:ExcelDataSet` control, which allows attackers to inject a GZip-compressed and Base64-encoded .NET object that gets deserialized server-side, leading to arbitrary code execution.\n\n---\n\n---\n\n## \u2699\ufe0f Affected Version\n\n- Microsoft SharePoint Server 2019  \n  Version: `16.0.10383.20020`\n\n---\n\n## \ud83d\udca5 Exploitation\n\n### Prerequisites\n\n- No authentication required\n- Target must be running a vulnerable SharePoint version\n- Python 3.x\n\n### Exploit Usage\n\n```bash\npython3 cve-2025-53770.py https://target-sharepoint.com\n",
    "published": "2025-08-07T15:14:31",
    "modified": "2025-08-07T15:17:47",
    "type": "githubexploit",
    "title": "Exploit for Deserialization of Untrusted Data in Microsoft",
    "source": "",
    "references": "",
    "id": "CC794B3A-AEAA-5702-835E-CDE940323175",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [
        "CVE-2025-53770"
    ],
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://github.com/Agampreet-Singh/CVE-2025-53770",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

💭 Join the Security Discussion ❌ Cancel Reply