CyberSecurityBoard
Sponsor Register Login

Critical SharePoint RCE Vulnerability Exploited Using Malicious XML Payload Within Web Part

The vulnerability highlights the critical importance of secure deserialization practices in enterprise applications and the need for comprehensive security reviews of complex application frameworks like SharePoint. According to the Viettel Security report, the vulnerability originates in the SharePoint WebPart control parsing mechanism, specifically within the Microsoft.SharePoint.WebPartPages.WebPart.AddParsedSubObject() method. The attack chain follows a complex deserialization path through multiple SharePoint components, ultimately reaching the vulnerable Microsoft.SharePoint.WebPartPages.Utility.DeserializeStringToObject() function. Successful exploitation grants attackers remote code execution capabilities within the SharePoint application context, potentially leading to complete system compromise. This critical flaw has been patched but remains a significant concern for organizations running vulnerable SharePoint instances. Additionally, network segmentation and monitoring of SharePoint web service endpoints can help detect potential exploitation attempts. This component allows binary deserialization of any class within SharePoint’s SafeControls, creating a significant security gap. The vulnerability affects SharePoint version 15.0.5145.1000 and may also affect other versions.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 17 Jul 2025 10:45:12 +0000


Cyber News related to Critical SharePoint RCE Vulnerability Exploited Using Malicious XML Payload Within Web Part

Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security - In an advisory about the SharePoint security hole, a.k.a. CVE-2025-53770, Microsoft said it is aware of active attacks targeting on-premises SharePoint Server customers and exploiting vulnerabilities that were only partially addressed by the July 8, ...
2 weeks ago Krebsonsecurity.com CVE-2025-53770
SharePoint 0-day Vulnerability Exploited in Wild by All Sorts of Hacker Groups - File Indicators of Compromise (IoCs) SHA-1FilenameDetectionDescriptionF5B60A8EAD96703080E73A1F79C3E70FF44DF271spinstall0.aspxMSIL/Webshell.JSWebshell deployed via SharePoint vulnerabilities Network Indicators of Compromise (IoCs) IP ...
2 weeks ago Cybersecuritynews.com
Microsoft SharePoint zero-day exploited in RCE attacks, no patch available - The Microsoft SharePoint zero-day attacks were first identified by Dutch cybersecurity firm Eye Security, which told BleepingComputer that over 75 companies have already been compromised by the attacks. In May, Viettel Cyber Security researchers ...
2 weeks ago Bleepingcomputer.com CVE-2025-49706
Critical SharePoint RCE Vulnerability Exploited Using Malicious XML Payload Within Web Part - The vulnerability highlights the critical importance of secure deserialization practices in enterprise applications and the need for comprehensive security reviews of complex application frameworks like SharePoint. According to the Viettel Security ...
3 weeks ago Cybersecuritynews.com
Microsoft Releases Mitigations and Threat Hunting Queries for SharePoint Zero-Day - Thousands of organizations worldwide face active cyberattacks targeting Microsoft SharePoint servers through two critical vulnerabilities, prompting urgent government warnings and emergency patches. Microsoft released emergency security updates on ...
2 weeks ago Cybersecuritynews.com CVE-2025-53770
CISA Warns of Microsoft SharePoint server 0-Day RCE Vulnerability Exploited in Wild - CISA has issued an urgent warning about a critical zero-day remote code execution vulnerability affecting Microsoft SharePoint Server on-premises installations that threat actors are actively exploiting in the wild. The vulnerability, tracked as ...
2 weeks ago Cybersecuritynews.com CVE-2025-53770
New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109 Rocke
New SharePoint flaws help hackers evade detection when stealing files - Researchers have discovered two techniques that could enable attackers to bypass audit logs or generate less severe entries when downloading files from SharePoint. Microsoft SharePoint is a web-based collaborative platform that integrates with ...
1 year ago Bleepingcomputer.com
Chinese Hackers Actively Exploiting SharePoint Servers 0-Day Vulnerability in the Wild - The tech giant’s Security Response Center reported coordinated attacks targeting internet-facing SharePoint installations using newly disclosed vulnerabilities that enable authentication bypass and remote code execution. Microsoft has released ...
2 weeks ago Cybersecuritynews.com CVE-2025-53770
SharePoint 0-Day RCE Vulnerability Actively Exploited in the Wild to Gain Full Server Access - A sophisticated cyberattack campaign targeting Microsoft SharePoint servers has been discovered exploiting a newly weaponized vulnerability chain dubbed “ToolShell,” enabling attackers to gain complete remote control over vulnerable ...
2 weeks ago Cybersecuritynews.com CVE-2025-49706
Microsoft Released an Emergency Security Update to Patch a Critical SharePoint 0-Day Vulnerability - Microsoft has issued an urgent security advisory addressing critical zero-day vulnerabilities in on-premises SharePoint Server that attackers are actively exploiting. Microsoft Defender for Endpoint generates specific alerts, including ...
2 weeks ago Cybersecuritynews.com CVE-2025-53770
Microsoft SharePoint Server 0-Day Hack Hits African Treasury, Companies, and University - The attack specifically targets on-premise SharePoint installations, exploiting previously unknown security flaws that allowed threat actors to infiltrate critical infrastructure systems belonging to government agencies, educational institutions, and ...
1 week ago Cybersecuritynews.com
Weekly Cybersecurity Newsletter: Chrome 0-Day, VMware Flaws Patched, Fortiweb Hack, Teams Abuse, and More - Google has issued an emergency security update for its Chrome browser to address a critical zero-day vulnerability, CVE-2025-6558, that is being actively exploited in the wild. The Node.js project released security updates on July 15, 2025, to fix ...
2 weeks ago Cybersecuritynews.com CVE-2025-6558
Weekly Cybersecurity Recap : Sharepoint 0-day, Vmware Exploitation, Threats and Cyber Attacks - Tracked as CVE-2025-12345, this flaw allows remote code execution (RCE) without authentication, potentially enabling attackers to compromise sensitive data or deploy malware on affected servers. The U.S. Cybersecurity and Infrastructure Security ...
1 week ago Cybersecuritynews.com CVE-2025-12345 APT41
CVE-2020-16944 - <p>This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.</p> ...
1 year ago
CISA: Critical SharePoint vuln is under active exploitation The Register - Security experts claim ransomware criminals have got their hands on a functional exploit for a nearly year-old critical Microsoft SharePoint vulnerability that was this week added to the US's must-patch list. When vulnerabilities are added to CISA's ...
1 year ago Theregister.com CVE-2023-29357 CVE-2023-24955
CVE-2015-0085 - Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold and SP1, Office 2013 RT Gold ...
6 years ago
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
1 year ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109
CISA Warns of Microsoft SharePoint Code Injection and Authentication Vulnerability Exploited in Wild - The vulnerabilities, designated as CVE-2025-49704 and CVE-2025-49706, pose significant risks to organizations running on-premises SharePoint servers and have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog with an immediate ...
2 weeks ago Cybersecuritynews.com CVE-2025-49704
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
1 year ago Securityaffairs.com
CISA: Critical Microsoft SharePoint bug now actively exploited - CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution. Tracked as CVE-2023-29357, the security flaw enables remote ...
1 year ago Bleepingcomputer.com CVE-2023-29357 CVE-2023-24955
CISA: Critical SharePoint vuln is under active exploitation The Register - Security experts claim ransomware criminals have got their hands on a functional exploit for a nearly year-old critical Microsoft SharePoint vulnerability that was this week added to the US's must-patch list. When vulnerabilities are added to CISA's ...
1 year ago Go.theregister.com CVE-2023-29357 CVE-2023-24955
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Metasploit Module Released For Actively Exploited SharePoint 0-Day Vulnerabilities - Cyber Security News - The module, designated as pull request #20409 in the Metasploit Framework repository, addresses CVE-2025-53770 and CVE-2025-53771, which enable unauthenticated remote code execution (RCE) attacks against vulnerable SharePoint installations. During ...
2 weeks ago Cybersecuritynews.com CVE-2025-53770

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)