Inside CVE-2025-53770 ToolShell Zero-Day Exploit | SharePoint Vulnerability | Contrast Security
Imagine an absolute monster of a zero-day exploit that bypasses authentication, allows remote code execution, and steals keys for persistent access, even after patching. That is the reality (nightmare?) that Microsoft SharePoint on-premises users find themselves in today, thanks to CVE-2025-53770, aka “ToolShell.” However, for the many SOC managers, analysts, and incident responders who are thankfully not affected by this zero-day, what lessons can be learned? Let’s break it down, shall we?
*** This is a Security Bloggers Network syndicated blog from AppSec Observer authored by Naomi Buckwalter. Read the original post at: https://www.contrastsecurity.com/security-influencers/inside-the-toolshell-zero-day-sharepoints-insecure-deserialization-flaw

