Metasploit Module Released for Exploited SharePoint 0-Day Vulnerabilities - cyberpress.org

Metasploit Module Released for Exploited SharePoint 0-Day Vulnerabilities By AnuPriya July 24, 2025 Categories: Cyber Security NewsCybersecurityVulnerabilityZero-day Security researchers have developed a new exploit module for recently discovered critical vulnerabilities affecting Microsoft SharePoint Server, highlighting ongoing concerns about the platform’s security posture and the rapid weaponization of disclosed vulnerabilities. The Metasploit Framework, a widely-used penetration testing platform, received a draft pull request on July 23, 2025, introducing an exploit module targeting CVE-2025-53770 and CVE-2025-53771. These vulnerabilities represent patch bypasses for two previously addressed security flaws, CVE-2025-49704 and CVE-2025-49706, demonstrating the persistent challenge of effectively securing SharePoint installations against sophisticated attack vectors. Zero-Day Origins and In-the-Wild Discovery The exploit module development stems from a zero-day attack discovered in active use around July 19, 2025. The attack chain enables unauthenticated remote code execution through SharePoint’s ToolPane component, allowing attackers to gain system-level access without requiring valid credentials. Security researcher sfewer-r7 from Rapid7 based the Metasploit module on analysis of the captured in-the-wild exploit, which was subsequently published as a single HTTP request demonstration. The vulnerability chain specifically targets the SharePoint ToolPane functionality, exploiting authentication bypass mechanisms that allow attackers to execute arbitrary commands on the underlying Windows server. Testing demonstrated successful exploitation against Microsoft SharePoint Server 2019 version 16.0.10417.20027, with the exploit achieving SYSTEM-level privileges on Windows Server 2022 systems. Technical Implementation and Capabilities The current exploit module supports command-based payloads, with successful demonstrations showing both Meterpreter reverse shell connections and generic command execution capabilities. The module performs automatic vulnerability detection by analyzing SharePoint version information through accessible layout pages, providing penetration testers with reliable target identification. However, implementation challenges remain. Some SharePoint installations with specific security configurations return HTTP 401 unauthorized responses during vulnerability assessment. Security researcher Alexey-at-work-bc identified that changing the check routine from “error.aspx” to “start.aspx” resolves authentication issues in certain deployment scenarios. Ongoing Security Concerns The rapid development of exploit code following vulnerability disclosure highlights the critical importance of timely SharePoint patching. Organizations running SharePoint Server 2019 face particular risk, as the vulnerability affects widely deployed enterprise collaboration platforms that often contain sensitive corporate data. The exploit’s effectiveness against patch bypasses suggests that Microsoft’s initial security fixes may have been incomplete, allowing determined attackers to circumvent protective measures through alternative attack vectors. This pattern emphasizes the need for comprehensive security testing and defense-in-depth approaches rather than relying solely on vendor patches. Mitigation and Response Organizations should immediately assess their SharePoint deployments for vulnerability exposure and apply the latest security updates from Microsoft. Network monitoring for unusual SharePoint ToolPane requests and implementing additional authentication controls may provide interim protection while patches are deployed. The Metasploit module remains in draft status as developers continue refining the exploit chain and expanding payload delivery options. Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates Share Facebook Twitter Pinterest WhatsApp AnuPriya Any Priya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends. Recent Articles How to Find an Affordable, Easy to Deploy PAM in 2026 (and What to Avoid)  Technology March 16, 2026 Cyberattack Targets Poland’s Nuclear Research Center, Investigation Underway Cyber Attack March 16, 2026 Betterleaks: New Open-Source Tool for Scanning Files, Directories, and Git Repositories Cyber Security News March 16, 2026 Android 17 Launches Advanced Protection Mode to Stop Malicious Service Exploits Cyber Security News March 16, 2026 Google Looker Studio Vulnerabilities Enable Attackers to Exfiltrate Data from Google Services Cyber Security News March 16, 2026 Related Stories Cyber Attack Cyberattack Targets Poland’s Nuclear Research Center, Investigation Underway AnuPriya - March 16, 2026 Cyber Security News Betterleaks: New Open-Source Tool for Scanning Files, Directories, and Git Repositories AnuPriya - March 16, 2026 Cyber Security News Android 17 Launches Advanced Protection Mode to Stop Malicious Service Exploits AnuPriya - March 16, 2026 Cyber Security News Google Looker Studio Vulnerabilities Enable Attackers to Exfiltrate Data from Google Services AnuPriya - March 16, 2026 Cyber Security News Real-Time Phishing Campaigns Use Fake Shipment Alerts To Steal Banking Data In MEA Varshini - March 16, 2026 Cyber Security News Indirect Prompt Injection Attacks Cause OpenClaw AI Agents to Leak Sensitive Data AnuPriya - March 16, 2026 LEAVE A REPLY Comment: Name:* Email:* Website: