Mar-251132.c1.v1 exploitation of sharepoint vulnerabilities of spinstall0.aspx

Intel Name: Mar-251132.c1.v1 exploitation of sharepoint vulnerabilities of spinstall0.aspx

Date of Scan: August 7, 2025

Impact: High

Summary:
Detects the exploitation of SharePoint servers through ToolShell (CVE-2025-53770). The related earlier CVEs are CVE-2025-49706 and CVE-2025-49704. Exploitation of CVE-2025-53770 introduces a new and stealthy webshell, known as SharpyShell, which extracts and leaks cryptographic secrets from the SharePoint server via a basic GET request.
