Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Details Emerge for SharePoint RCE Vulnerability Exploit

Details Emerge for SharePoint RCE Vulnerability Exploit

Posted on July 8, 2026 By CWS

Introduction to SharePoint RCE Vulnerability

Recent disclosures have brought to light a proof-of-concept (PoC) exploit and intricate technical insights for CVE-2025-53770, a significant remote code execution (RCE) vulnerability affecting on-premises Microsoft SharePoint Server. With these revelations, the likelihood of mass exploitation in environments lacking recent patches has increased.

The flaw, CVE-2025-53770, pertains to the improper handling of untrusted data deserialization in SharePoint, allowing unauthorized users to execute arbitrary code remotely. This vulnerability impacts SharePoint Server versions 2016, 2019, and the Subscription Edition, while Microsoft 365 SharePoint Online remains secure from this threat.

Technical Breakdown of the Exploit

According to research from Viettel Cyber, attackers can exploit the vulnerability by manipulating XML schema processing within the ExcelDataSet control, which is a component of the PerformancePoint BI services. The targeted service is the BIMonitoringAuthoringService, specifically the TestConnection method used to validate data sources.

By injecting a DataSource object with a SourceName set to “ExcelWorkbook,” the exploit leverages an XmlSerializer to deserialize specific fields into an ExcelDataSet instance. This process bypasses the XmlValidator due to improper handling of XML schema imports, leading to execution of unauthorized types.

Vulnerability Exploitation Methodology

The PoC illustrates a method where an attacker manipulates the TestConnection endpoint to execute arbitrary code. This involves embedding a malicious XML payload that references an external XSD from a server controlled by the attacker. The external schema imports are not adequately checked by XmlValidator, allowing for execution of harmful code.

The exploit culminates in the execution of a command like launching win32calc.exe on the SharePoint server, demonstrating the vulnerability’s potential for severe impact. The attack can be carried out using a low-privileged account and involves hosting an external schema file accessible by the SharePoint server.

Mitigation and Security Recommendations

Security experts have observed active exploitation of CVE-2025-53770, emphasizing the urgency for organizations to apply the latest patches from Microsoft. To defend against such attacks, it is recommended to enable AMSI integration, rotate ASP.NET MachineKey values, and conduct thorough threat assessments focusing on PerformancePoint and ViewState activities.

In light of the detailed methodologies available, the potential for copycat attacks is heightened. Organizations utilizing on-premises SharePoint should prioritize these security measures to safeguard their systems against this critical vulnerability.

Stay informed and proactive to protect your infrastructure from emerging cyber threats.

Cyber Security News Tags:BI services, CVE-2025-53770, cyber attack, Cybersecurity, Deserialization, Exploit, Microsoft, on-premises server, PerformancePoint, PoC, RCE vulnerability, security patch, SharePoint, threat mitigation, XML schema

Post navigation

Previous Post: Understanding Email Security Failures: Join Our Webinar
Next Post: Ubiquiti Addresses Critical Security Flaws in UniFi Systems

Related Posts

iOS 26.5 Introduces Encrypted RCS Messaging iOS 26.5 Introduces Encrypted RCS Messaging Cyber Security News
Critical Juniper Networks Flaw Exposes Devices to Attacks Critical Juniper Networks Flaw Exposes Devices to Attacks Cyber Security News
Hugging Face Exploited in North Korean Malware Attack Hugging Face Exploited in North Korean Malware Attack Cyber Security News
Android Zero-Click Flaw Allows Remote Access Android Zero-Click Flaw Allows Remote Access Cyber Security News
New Udados Botnet Launches Massive HTTP Flood DDoS Attacks Targeting Tech Sector New Udados Botnet Launches Massive HTTP Flood DDoS Attacks Targeting Tech Sector Cyber Security News
Hackers Hijacked 18 Very Popular npm Packages With 2 Billion Weekly Downloads Hackers Hijacked 18 Very Popular npm Packages With 2 Billion Weekly Downloads Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • AI Vulnerability Turns Claude Desktop into Remote Code Threat
  • Ubiquiti Addresses Critical Security Flaws in UniFi Systems
  • Details Emerge for SharePoint RCE Vulnerability Exploit
  • Understanding Email Security Failures: Join Our Webinar
  • Verification Steps: The New ATO Challenge in 2026

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • AI Vulnerability Turns Claude Desktop into Remote Code Threat
  • Ubiquiti Addresses Critical Security Flaws in UniFi Systems
  • Details Emerge for SharePoint RCE Vulnerability Exploit
  • Understanding Email Security Failures: Join Our Webinar
  • Verification Steps: The New ATO Challenge in 2026

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark