The Human Connection Blog

New CTI Labs: CVE-2025-53770 (ToolShell SharePoint RCE): Offensive and Defensive

benhopkins (Immerser)
2 days ago

Today, Immersive's Container 7 Research Team have released two new CTI labs covering a critical vulnerability in Microsoft SharePoint, allowing unauthorized attackers to execute arbitrary code over a network.

Recently, a critical zero-day vulnerability affecting on-premises SharePoint servers, identified as CVE-2025-53770, was uncovered. This vulnerability allows for authentication bypass, leading to remote code execution, and has been actively exploited in the wild. Eye Security researchers detected an in-the-wild exploit chain on July 18, 2025, during an incident response engagement. This discovery led to Microsoft assigning two CVEs: CVE-2025-53770 and CVE-2025-53771. The attack notably leveraged a combination of vulnerabilities to achieve its objectives, impacting numerous SharePoint servers globally. There is now a public exploit available for anyone wanting to achieve remote code execution.

Why should our customers care?

This critical vulnerability has been added to the CISA KEV Catalog. With no authentication or user interaction, a vulnerable SharePoint server can be fully taken over remotely, letting attackers run arbitrary code as if they were privileged admins. SharePoint is a large, complex system that often holds a lot of sensitive data for organizations and is frequently targeted by attackers.

Who is the defensive lab for?

  • System Administrators
  • SOC Analysts
  • Incident Responders
  • Threat Hunters

Who is the offensive lab for?

  • Red teamers
  • Penetration Testers
  • Threat Hunters

Here are the links to the labs:

 

Updated 2 days ago
Version 5.0

1 Comment

  • KieranRowley (Community Manager)

    There it is! I know just how much work has gone into getting this lab working. I encourage everyone here to check this lab out immediately!