Blog for ToolShell.Disclaimer: The content of this blog is provided for educational and informational purposes only. #SharePoint #ToolShell

CVE-2025-53770 requires authentication. They stated the attack vector incorrectly again. Blog may published later, but I’m not sure yet.

Blazing-fast image creation – using just your voice. Try Grok Imagine.

Turn out CVE-2025-53770 is mine. I report it to MSRC after July patch released. @msftsecresponse say it OutofScope because I use the same deser payload at different endpoint which they weren’t aware of. I tried my best to mitigate the exploit and all I got is a thank, nice reward.

Kudos to my teammate @pivik_ for demonstrating this exploit.

RT @vcslab: 🚨 Shocking impact from the SharePoint vulnerability we found at Pwn2Own! 😱.Despite our efforts to patch it 🤝, many systems are….

Viettel Threat Intelligence guideline to protect, prevention strategies, detection patterns and threat hunting techniques:.

alert and recommendations.

You also may want to read this.

Viettel Cyber Security Press Release for Customer alert, Latest research and Recommendations. Blog is comming.#SharePoint #ToolShell

Sorry I was lagging, the patch for SharePoint 2019 is out:.

Nice @pivik_ 🎉🎉.

The bug in my previous blog is CVE-2024-38018 of @chudyPB 🫡. Really want to update the blog & tweet but I can't 😅.

While waiting for the Pwn2Own chain, you might want to read this. Disclaimer: This is a bug I discovered by accident, and already been resolved. I’m not sure which CVE or patch this maps to. If you know any information, please feel free to leave a comment.

RT @codewhitesec: We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by @_l0gg to p….

FAQ: .- Why run mspaint? I can't be onsite, so the static payload can run on any OS. ysoserial require windows.- Why it take two attempt at Pwn2Own? At first attempt the command to run the exploit is missing the siteurl part :)).I'm writing the blog, this is it right now:

The SharePoint patch for Pwn2Own Berlin has been released - patch ASAP.The exploit need only one request💣.I’d name this bug ToolShell - ZDI did say the endpoint is ToolPane after all😅.#CVE_2025_49706 #CVE_2025_49704 #SharePoint #Pwn2Own

RT @thezdi: Confirmed!! Dinh Ho Anh Khoa (@_l0gg) of Viettel Cyber Security combined an auth bypass and an insecure deserialization bug to….

Write-up cho bài đăng của anh @tuo4n8. Chuyện đã lâu rồi có nhiều thứ mình không còn nhớ. - No outbound Gadgets for CVE-2019-16891. - New JDBC attack chain. For English speakers, please use Google Translate.

RT @tuo4n8: After many bypass attempts and creating several gadgets for RCE on @Apple, and after a looooooooong wait… we finally got it! @_….

Share cho người em.