Rule Library
Sigma Rules
3 rules found for "CVE-2025-53770"
3,731 Total
3,132 Detection
457 Emerging
139 Hunting
Emerging Threat | critical | experimental
Potential SharePoint ToolShell CVE-2025-53770 Exploitation - File Create
Detects the creation of files such as spinstall0.aspx, which may indicate successful exploitation of CVE-2025-53770. CVE-2025-53770 is a zero-day vulnerability in SharePoint that allows remote code execution.
Windows | File Event
Swachchhanda Shrawan Poudel (Nextron Systems) | Mon Jul 21 2025
Emerging Threat | high | experimental
Potential SharePoint ToolShell CVE-2025-53770 Exploitation Indicators
Detects potential exploitation of CVE-2025-53770 by identifying indicators such as suspicious command lines discovered in post-exploitation activity. CVE-2025-53770 is a zero-day vulnerability in SharePoint that allows remote code execution.
Windows | Process Creation
Swachchhanda Shrawan Poudel (Nextron Systems) | Mon Jul 21 2025
Emerging Threat | medium | experimental
SharePoint ToolShell CVE-2025-53770 Exploitation - Web IIS
Detects, in IIS web server logs, access to vulnerable SharePoint components that may indicate exploitation of CVE-2025-53770. CVE-2025-53770 is a zero-day vulnerability in SharePoint that allows remote code execution.
Web Server Log
Swachchhanda Shrawan Poudel (Nextron Systems) | Mon Jul 21 2025