Skip to content

Commit a817104

Browse files
sfewer-r7sfewer-r7
committed
add in a reference to the new technical analysis from the origional finder
1 parent 899e275 commit a817104

File tree

1 file changed

+2
-0
lines changed

1 file changed

+2
-0
lines changed

modules/exploits/windows/http/sharepoint_toolpane_rce.rb

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,8 @@ def initialize(info = {})
3636
['CVE', '2025-53770'],
3737
# Patch bypass for CVE-2025-49706, exploited in-the-wild as a zero-day.
3838
['CVE', '2025-53771'],
39+
# Technical analysis of CVE-2025-49704 and CVE-2025-49706 by the original finder, Dinh Ho Anh Khoa (Viettel Cyber Security).
40+
['URL', 'https://blog.viettelcybersecurity.com/sharepoint-toolshell/'],
3941
# ZDI advisories for CVE-2025-49704 and CVE-2025-49706, discovered by Viettel Cyber Security.
4042
['URL', 'https://www.zerodayinitiative.com/advisories/ZDI-25-580/'],
4143
['URL', 'https://www.zerodayinitiative.com/advisories/ZDI-25-581/'],

0 commit comments

Comments
 (0)