ToolShell Exploit: Critical SharePoint Zero-Day Threatens Global Enterprises

· Published 14/08/2025 22:16 · Modified 15/08/2025 12:38

Essential information

Published: 14/08/2025 22:16
Modified: 15/08/2025 12:38
Tags: 2025-08-14, CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, CVE-2025-53771, chinese threat actors, cryptographic keys, exploit chain, in-memory payload, sharepoint, toolshell, zero-day
Related entities: 4 vulnerabilities (cve), 8 observables, 1 intrusion sets (apt), 5 techniques (mitre), 1 malware

Description

A named '' is actively targeting on-premises Microsoft servers worldwide, potentially affecting thousands of organizations. The attack leverages two critical vulnerabilities ( and ) to achieve remote code execution and steal , enabling persistent access even after patches are applied. The threat has evolved to use an , making traditional detection methods unreliable. Chinese state-sponsored threat actors, including Linen Typhoon, Violet Typhoon, and Storm-2603, have been exploiting these vulnerabilities since July 7, 2025. The campaign's impact is significant, with nearly 5% of scanned organizations vulnerable and over 400 confirmed victims.

External references