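Updated: 2025/07/23 17:03:23
Published: 2025/07/23 17:03:23
TLP: (White)
May be distributed publicly, but must not violate copyright law or related regulations.
Update notes:
I. Vulnerability description [1]
Microsoft has disclosed a high-risk deserialization vulnerability (CVE-2025-53770) in on-premises versions of SharePoint that allows an unauthorized attacker to execute code over the network. Security vendors have observed related attack activity: a remote attacker sends specially crafted HTTP requests to a SharePoint server exposed to the internet and, on successful exploitation, can bypass the authentication mechanism to upload a malicious file that steals keys and other cryptographic material, then use the keys to generate a valid payload, allowing the attacker to bypass authentication and execute arbitrary code remotely.
II. Notes on disclosed exploit code
1. Security vendors [2][3] have published analyses of the vulnerability mechanism and provided related IoC information (e.g., hashes, IPs).
2. CISA has added it to its Known Exploited Vulnerabilities catalog [4]; prioritizing the patch is recommended.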
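▶ Vulnerability information
Name:
CVE-2025-53770
Description:
CVSS version: CVSS 3.1
Score: 9.8
Source: Microsoft
▶ Affected platforms
Affected platforms - systems:
Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Server 2019
Microsoft SharePoint Enterprise Server 2016
▶ Recommended measures
1. Microsoft has released updates; members are advised to evaluate and carry out the related work in accordance with their organization's existing vulnerability management process.
2. If the update cannot be applied promptly, the vendor recommends enabling AMSI (Antimalware Scan Interface) and Microsoft Defender on affected servers to reduce the impact of the vulnerability.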
▶ IoC data fields
▶ References
| No. | URL | Description |
|---|---|---|
| 1 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770 | Microsoft |
| 2 | https://www.trendmicro.com/en_us/research/25/g/cve-2025-53770-and-cve-2025-53771-sharepoint-attacks.html | Trend Micro |
| 3 | https://unit42.paloaltonetworks.com/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770/ | Unit 42 |
| 4 | https://www.cisa.gov/known-exploited-vulnerabilities-catalog | CISA |
Intelligence ID:
FISAC-200-202507-0002
System category:
Security vulnerabilities
Security category:
Vulnerability advisory
Impact level:
3
Keywords:
Vulnerabilities