CODE WHITE GmbH<p>We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by <span class="h-card" translate="no"><a href="https://bird.makeup/users/_l0gg" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>_l0gg</span></a></span> to pop SharePoint at <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a> Berlin 2025, it's really just one request! Kudos to <span class="h-card" translate="no"><a href="https://infosec.exchange/@mwulftange" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mwulftange</span></a></span></p>