Microsoft SharePoint Server DataSetSurrogateSelector Deserialization Remote OS Command Injection Exploit

This module exploits a OS Command Injection via ASP.NET markup vulnerability present in the WikiContentWebpart Web Part of Microsoft SharePoint Server to deploy an agent. The deployed agent will run with the SharePoint Server service account privileges.
CVE Link
CVE-2025-49704
Exploit Platform
Windows
Exploit Type
Exploits
OS Command Injection
Known Vulnerabilities
Product Name
Impact