¡¾·ì϶¹«¸æ¡¿Microsoft SharePoint Ô¶³Ì´úÂëÖ´Ðзì϶(CVE-2025-53770)

°ä²¼¹¦·ò 2025-07-21

Ò»¡¢·ì϶¸ÅÊö


·ìϼûû³Æ

Microsoft SharePoint Ô¶³Ì´úÂëÖ´Ðзì϶

CVE   ID

CVE-2025-53770

·ì϶ÀàÐÍ

RCE

·¢ÏÖ¹¦·ò

2025-07-21

·ì϶ÆÀ·Ö

9.8

·ì϶µÈ¼¶

ÑϳÁ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

ÎÞ

ÀûÓÃÄѶÈ

µÍ

Óû§½»»¥

²»±ØÒª

PoC/EXP

δ¹«¿ª

ÔÚÒ°ÀûÓÃ

ÒÑ·¢ÏÖ


Microsoft SharePointÊÇÒ»¿îÆóÒµ¼¶ºÏ×÷ƽ̨£¬£¬ £¬£¬£¬£¬£¬£¬Ö¼ÔÚÍƽøÐÅÏ¢¹²Ïí¡¢ÄÚÈÝÖÎÀíºÍÍŶӺÏ×÷¡£¡£¡£¡£¡£¡£¡£ËüÖ§³ÖÎĵµÖÎÀí¡¢ÄÚÈÝ°ä²¼¡¢Êý¾Ý¹²ÏíºÍÄÚ²¿ÍøÕ¾´´½¨¡£¡£¡£¡£¡£¡£¡£SharePointÌṩÁË׳´óµÄ¹¤×÷Á÷Ö°ÄÜ£¬£¬ £¬£¬£¬£¬£¬£¬ÔÊÐíÓû§ÖÎÀíÏîÄ¿¡¢¹¤×÷ºÍ¹¤×÷Á÷£¬£¬ £¬£¬£¬£¬£¬£¬ÌáÉýÍŶÓЧÄÜ¡£¡£¡£¡£¡£¡£¡£Óû§Äܹ»´´½¨¡¢´æ´¢ºÍ¹²ÏíÎĵµ¡¢»ã±¨µÈ¶àÖÖÀàÐ͵ÄÐÅÏ¢£¬£¬ £¬£¬£¬£¬£¬£¬Ö§³Ö¶àÖÖȨÏÞÖÎÀíºÍ°²È«½ÚÔì¡£¡£¡£¡£¡£¡£¡£Ëü¿ÉÓëÆäËûMicrosoft 365¹¤¾ß£¨ÈçOutlook¡¢TeamsºÍOneDrive£©¼¯³É£¬£¬ £¬£¬£¬£¬£¬£¬¿í·ºÀûÓÃÓÚ×éÖ¯ÄڵĺÏ×÷ºÍÐÅÏ¢ÖÎÀí¡£¡£¡£¡£¡£¡£¡£


2025Äê7ÔÂ21ÈÕ£¬£¬ £¬£¬£¬£¬£¬£¬8827Ì«Ñô¼¯Íż¯ÍÅVSRC¼à²âµ½Microsoft SharePointÖеÄÑϳÁÔ¶³Ì´úÂëÖ´Ðзì϶£¨CVE-2025-53770£©¡£¡£¡£¡£¡£¡£¡£¸Ã·ì϶ԴÓÚSharePoint´¦ÖÃHTTP RefererͷʱµÄȱµã£¬£¬ £¬£¬£¬£¬£¬£¬ÔÊÐí¹¥»÷ÕßÈƹýÉí·ÝÑéÖ¤£¬£¬ £¬£¬£¬£¬£¬£¬Î´¾­ÈÏÖ¤Ö´ÐжñÒâ´úÂë¡£¡£¡£¡£¡£¡£¡£·ì϶½áºÏÁËCVE-2025-49706ºÍCVE-2025-49704£¬£¬ £¬£¬£¬£¬£¬£¬ÐγÉÃûΪToolShellµÄ¹¥»÷Á´£¬£¬ £¬£¬£¬£¬£¬£¬ÀûÓÃSharePointµÄ·´ÐòÁл¯·ì϶ִÐÐÔ¶³Ì´úÂë¡£¡£¡£¡£¡£¡£¡£¹¥»÷Õßͨ¹ýÌáÈ¡SharePoint·þÎñÆ÷µÄÃÜÔ¿×ÊÁÏ£¨ÈçValidationKeyºÍDecryptionKey£©£¬£¬ £¬£¬£¬£¬£¬£¬¿ÉÄÜÌìÉúÓÐЧµÄ¹¥»÷Ôغɣ¨Èç__VIEWSTATE£©£¬£¬ £¬£¬£¬£¬£¬£¬½øÒ»²½½ÚÔì·þÎñÆ÷£¬£¬ £¬£¬£¬£¬£¬£¬»ñµÃ³ÖÐø½Ó¼ûȨÏÞ¡£¡£¡£¡£¡£¡£¡£´Ë·ì϶Òѱ»¿í·ºÀûÓ㬣¬ £¬£¬£¬£¬£¬£¬¶à¸öSharePoint·þÎñÆ÷ÔÚ2025Äê7ÔÂ18ÈÕ±»¹¥Ï£¬£¬ £¬£¬£¬£¬£¬£¬·ì϶ÆÀ·Ö9.8·Ö£¬£¬ £¬£¬£¬£¬£¬£¬·ì϶¼¶±ðÑϳÁ¡£¡£¡£¡£¡£¡£¡£


¶þ¡¢Ó°ÏìÁìÓò


½öºÏÓÃÓÚ±¾µØ²¿ÊðµÄMicrosoft SharePoint Server£¨SharePoint OnlineÔÚMicrosoft 365Öв»ÊÜÓ°Ï죩
Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Server 2019
Microsoft SharePoint Server 2016


Èý¡¢°²È«´ëÊ©


3.1 Éý¼¶°æ±¾


Microsoft SharePoint Server Subscription EditionºÍMicrosoft SharePoint Server 2019¹Ù·½ÒÑ°ä²¼½¨¸´²¹¶¡£¡£¡£¡£¡£¡£¡£¬£¬ £¬£¬£¬£¬£¬£¬½¨Ò龡¿ìÉý¼¶
Microsoft SharePoint Server Subscription EditionÉý¼¶²¹¶¡KB5002768
Microsoft SharePoint Server 2019Éý¼¶²¹¶¡KB5002754
Microsoft SharePoint Server 2016£¬£¬ £¬£¬£¬£¬£¬£¬Ä¿Ç°»¹Ã»ÓпÉÓõݲȫ¸üÐÂ


ÏÂÔØÁ´½Ó£º

https://www.microsoft.com/en-us/download/details.aspx?id=108285
https://www.microsoft.com/en-us/download/details.aspx?id=108286


3.2 һʱ´ëÊ©


ÔÝÎÞ¡£¡£¡£¡£¡£¡£¡£


3.3 ͨÓý¨Òé


?¶¨ÆÚ¸üÐÂϵͳ²¹¶¡£¡£¡£¡£¡£¡£¡£¬£¬ £¬£¬£¬£¬£¬£¬Ï÷¼õϵͳ·ì϶£¬£¬ £¬£¬£¬£¬£¬£¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ¡£¡£¡£¡£¡£¡£¡£
?¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÔ죬£¬ £¬£¬£¬£¬£¬£¬Åú¸Ä·À»ðǽսÊõ£¬£¬ £¬£¬£¬£¬£¬£¬¹Ø¹Ø·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ£¬£¬ £¬£¬£¬£¬£¬£¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Â¶³öµ½¹«Íø£¬£¬ £¬£¬£¬£¬£¬£¬Ï÷¼õ¹¥»÷Ãæ¡£¡£¡£¡£¡£¡£¡£
?ʹÓÃÆóÒµ¼¶°²È«²úÆ·£¬£¬ £¬£¬£¬£¬£¬£¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ¡£¡£¡£¡£¡£¡£¡£
?¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬£¬ £¬£¬£¬£¬£¬£¬ÆôÓöà³É·ÖÈÏÖ¤»úÔìºÍ×îÓ×ȨÏÞ×¼Ôò£¬£¬ £¬£¬£¬£¬£¬£¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏ޶ȡ£¡£¡£¡£¡£¡£¡£

?ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä¡£¡£¡£¡£¡£¡£¡£


3.4 ²Î¿¼Á´½Ó


https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
https://research.eye.security/sharepoint-under-siege/
https://thehackernews.com/2025/07/critical-microsoft-sharepoint-flaw.html
https://nvd.nist.gov/vuln/detail/CVE-2025-53770