{“lastseen”:”2025-11-15T02:05:07″,”description”:”\\n\\n**About Remote Code Execution – Microsoft SharePoint \\”ToolShell\\” (CVE-2025-49704) vulnerability.** This vulnerability is from the Microsoft’s July Patch Tuesday. SharePoint is a web application developed by Microsoft for corporate intranet portals, document management, and collaborative work. Deserialization of untrusted data in the DataSetSurrogateSelector class leads to remote code execution in the context of the SharePoint web server process. Exploitation requires authentication, obtainable for example via CVE-2025-49706 (\\”ToolShell\\” chain).\\n\\n The \\”ToolShell\\” chain was demonstrated by the Viettel Cyber Security team at Pwn2Own Berlin, May 15\u201317, 2025 (prize $100,000).\\n\\n Signs of exploitation in the wild have been observed since July 7. The vulnerability was added to CISA KEV on July 22.\\n\\n Public exploits available on GitHub since July 21.\\n\\n Later \\”ToolShell\\” vulnerabilities: CVE-2025-53770 and CVE-2025-53771.\\n\\n\u041d\u0430 \u0440\u0443\u0441\u0441\u043a\u043e\u043c”,”published”:”2025-11-13T13:56:56″,”modified”:”2025-11-13T13:56:56″,”type”:”avleonov”,”title”:”About Remote Code Execution \u2013 Microsoft SharePoint \u201cToolShell\u201d (CVE-2025-49704) vulnerability”,”source”:””,”references”:””,”id”:”AVLEONOV:22CEEC8D500265AF898E23D054125ECF”,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2025-49704″,”CVE-2025-49706″,”CVE-2025-53770″,”CVE-2025-53771″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/avleonov.com\/2025\/11\/13\/1605-about-remote-code-execution-microsoft-sharepoint\/”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-11-15T02:05:07″,”description”:”\\n\\n**About Remote Code Execution – Microsoft SharePoint \\”ToolShell\\” (CVE-2025-49704) vulnerability.** This vulnerability is from the Microsoft’s…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[155,9,6,8,35,12,13,7,11,5],"class_list":["post-26360","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-avleonov","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n