¡¾Îó²îͨ¸æ¡¿Microsoft SharePoint Ô¶³Ì´úÂëÖ´ÐÐÎó²î(CVE-2025-53770)

Ðû²¼Ê±¼ä 2025-07-21

Ò»¡¢Îó²î¸ÅÊö


Îó²îÃû³Æ

Microsoft SharePoint Ô¶³Ì´úÂëÖ´ÐÐÎó²î

CVE   ID

CVE-2025-53770

Îó²îÀàÐÍ

RCE

·¢Ã÷ʱ¼ä

2025-07-21

Îó²îÆÀ·Ö

9.8

Îó²îÆ·¼¶

ÑÏÖØ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

ÎÞ

ʹÓÃÄѶÈ

µÍ

Óû§½»»¥

²»ÐèÒª

PoC/EXP

δ¹ûÕæ

ÔÚҰʹÓÃ

ÒÑ·¢Ã÷


Microsoft SharePointÊÇÒ»¿îÆóÒµ¼¶Ð­×÷ƽ̨£¬£¬£¬£¬£¬£¬£¬Ö¼ÔÚÔö½øÐÅÏ¢¹²Ïí¡¢ÄÚÈÝÖÎÀíºÍÍŶÓЭ×÷¡£¡£¡£¡£¡£ËüÖ§³ÖÎĵµÖÎÀí¡¢ÄÚÈÝÐû²¼¡¢Êý¾Ý¹²ÏíºÍÄÚ²¿ÍøÕ¾½¨Éè¡£¡£¡£¡£¡£SharePointÌṩÁËÇ¿Ê¢µÄÊÂÇéÁ÷¹¦Ð§£¬£¬£¬£¬£¬£¬£¬ÔÊÐíÓû§ÖÎÀíÏîÄ¿¡¢Ê¹ÃüºÍÊÂÇéÁ÷£¬£¬£¬£¬£¬£¬£¬ÌáÉýÍŶÓЧÂÊ¡£¡£¡£¡£¡£Óû§¿ÉÒÔ½¨Éè¡¢´æ´¢ºÍ¹²ÏíÎĵµ¡¢±¨¸æµÈ¶àÖÖÀàÐ͵ÄÐÅÏ¢£¬£¬£¬£¬£¬£¬£¬Ö§³Ö¶àÖÖȨÏÞÖÎÀíºÍÇå¾²¿ØÖÆ¡£¡£¡£¡£¡£Ëü¿ÉÓëÆäËûMicrosoft 365¹¤¾ß£¨ÈçOutlook¡¢TeamsºÍOneDrive£©¼¯³É£¬£¬£¬£¬£¬£¬£¬ÆÕ±éÓ¦ÓÃÓÚ×éÖ¯ÄÚµÄЭ×÷ºÍÐÅÏ¢ÖÎÀí¡£¡£¡£¡£¡£


2025Äê7ÔÂ21ÈÕ£¬£¬£¬£¬£¬£¬£¬¼øºÚµ£±£Íø¼¯ÍÅVSRC¼à²âµ½Microsoft SharePointÖеÄÑÏÖØÔ¶³Ì´úÂëÖ´ÐÐÎó²î£¨CVE-2025-53770£©¡£¡£¡£¡£¡£¸ÃÎó²îÔ´ÓÚSharePoint´¦Öóͷ£HTTP RefererͷʱµÄȱÏÝ£¬£¬£¬£¬£¬£¬£¬ÔÊÐí¹¥»÷ÕßÈƹýÉí·ÝÑéÖ¤£¬£¬£¬£¬£¬£¬£¬Î´¾­ÈÏÖ¤Ö´ÐжñÒâ´úÂë¡£¡£¡£¡£¡£Îó²îÁ¬ÏµÁËCVE-2025-49706ºÍCVE-2025-49704£¬£¬£¬£¬£¬£¬£¬ÐγÉÃûΪToolShellµÄ¹¥»÷Á´£¬£¬£¬£¬£¬£¬£¬Ê¹ÓÃSharePointµÄ·´ÐòÁл¯Îó²îÖ´ÐÐÔ¶³Ì´úÂë¡£¡£¡£¡£¡£¹¥»÷Õßͨ¹ýÌáÈ¡SharePointЧÀÍÆ÷µÄÃÜÔ¿ÖÊÁÏ£¨ÈçValidationKeyºÍDecryptionKey£©£¬£¬£¬£¬£¬£¬£¬Äܹ»ÌìÉúÓÐÓõĹ¥»÷Ôغɣ¨Èç__VIEWSTATE£©£¬£¬£¬£¬£¬£¬£¬½øÒ»²½¿ØÖÆЧÀÍÆ÷£¬£¬£¬£¬£¬£¬£¬»ñµÃÒ»Á¬»á¼ûȨÏÞ¡£¡£¡£¡£¡£´ËÎó²îÒѱ»ÆÕ±éʹÓ㬣¬£¬£¬£¬£¬£¬¶à¸öSharePointЧÀÍÆ÷ÔÚ2025Äê7ÔÂ18ÈÕ±»¹¥ÏÝ£¬£¬£¬£¬£¬£¬£¬Îó²îÆÀ·Ö9.8·Ö£¬£¬£¬£¬£¬£¬£¬Îó²î¼¶±ðÑÏÖØ¡£¡£¡£¡£¡£


¶þ¡¢Ó°Ïì¹æÄ£


½öÊÊÓÃÓÚÍâµØ°²ÅŵÄMicrosoft SharePoint Server£¨SharePoint OnlineÔÚMicrosoft 365Öв»ÊÜÓ°Ï죩
Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Server 2019
Microsoft SharePoint Server 2016


Èý¡¢Çå¾²²½·¥


3.1 Éý¼¶°æ±¾


Microsoft SharePoint Server Subscription EditionºÍMicrosoft SharePoint Server 2019¹Ù·½ÒÑÐû²¼ÐÞ¸´²¹¶¡£¡£¡£¡£¡£¬£¬£¬£¬£¬£¬£¬½¨Ò龡¿ìÉý¼¶
Microsoft SharePoint Server Subscription EditionÉý¼¶²¹¶¡KB5002768
Microsoft SharePoint Server 2019Éý¼¶²¹¶¡KB5002754
Microsoft SharePoint Server 2016£¬£¬£¬£¬£¬£¬£¬ÏÖÔÚ»¹Ã»ÓпÉÓõÄÇå¾²¸üÐÂ


ÏÂÔØÁ´½Ó£º

https://www.microsoft.com/en-us/download/details.aspx?id=108285
https://www.microsoft.com/en-us/download/details.aspx?id=108286


3.2 ÔÝʱ²½·¥


ÔÝÎÞ¡£¡£¡£¡£¡£


3.3 ͨÓý¨Òé


?°´ÆÚ¸üÐÂϵͳ²¹¶¡£¡£¡£¡£¡£¬£¬£¬£¬£¬£¬£¬ïÔ̭ϵͳÎó²î£¬£¬£¬£¬£¬£¬£¬ÌáÉýЧÀÍÆ÷µÄÇå¾²ÐÔ¡£¡£¡£¡£¡£
?ÔöǿϵͳºÍÍøÂçµÄ»á¼û¿ØÖÆ£¬£¬£¬£¬£¬£¬£¬Ð޸ķÀ»ðǽսÂÔ£¬£¬£¬£¬£¬£¬£¬¹Ø±Õ·ÇÐëÒªµÄÓ¦Óö˿ڻòЧÀÍ£¬£¬£¬£¬£¬£¬£¬ïÔÌ­½«Î£ÏÕЧÀÍ£¨ÈçSSH¡¢RDPµÈ£©Ì»Â¶µ½¹«Íø£¬£¬£¬£¬£¬£¬£¬ïÔÌ­¹¥»÷Ãæ¡£¡£¡£¡£¡£
?ʹÓÃÆóÒµ¼¶Çå¾²²úÆ·£¬£¬£¬£¬£¬£¬£¬ÌáÉýÆóÒµµÄÍøÂçÇå¾²ÐÔÄÜ¡£¡£¡£¡£¡£
?ÔöǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬£¬£¬£¬£¬£¬£¬ÆôÓöàÒòËØÈÏÖ¤»úÖƺÍ×îСȨÏÞÔ­Ôò£¬£¬£¬£¬£¬£¬£¬Óû§ºÍÈí¼þȨÏÞÓ¦¼á³ÖÔÚ×îµÍÏ޶ȡ£¡£¡£¡£¡£

?ÆôÓÃÇ¿ÃÜÂëÕ½ÂÔ²¢ÉèÖÃΪ°´ÆÚÐ޸ġ£¡£¡£¡£¡£


3.4 ²Î¿¼Á´½Ó


https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
https://research.eye.security/sharepoint-under-siege/
https://thehackernews.com/2025/07/critical-microsoft-sharepoint-flaw.html
https://nvd.nist.gov/vuln/detail/CVE-2025-53770