Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-53771 PoC — Microsoft SharePoint Server Spoofing Vulnerability

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-53771.yaml
Associated Vulnerability
Title:Microsoft SharePoint Server Spoofing Vulnerability (CVE-2025-53771)
Description:Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Description
Microsoft Office SharePoint Server contains an improper authentication vulnerability that allows unauthorized attackers to perform spoofing over a network. By crafting a POST request to /_layouts/15/ToolPane.aspx with a forged Referer header (/_layouts/SignOut.aspx), attackers can bypass authentication mechanisms and gain unauthorized access to protected endpoints. This vulnerability is part of the ToolShell exploit chain and is a patch bypass for CVE-2025-49706. When chained with CVE-2025-53770 (deserialization vulnerability), it enables unauthenticated remote code execution on SharePoint Server.
File Snapshot

 id: CVE-2025-53771

info:
  name: Microsoft SharePoint Server - Authentication Bypass (ToolShell)
  

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →