Description

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

PUBLISHED Reserved 2025-06-09 | Published 2025-07-08 | Updated 2026-02-13 | Assigner microsoft

HIGH: 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CISA Known Exploited Vulnerability

Date added 2025-07-22 | Due date 2025-07-23

Known Ransomware Campaign(s)

Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Problem types

CWE-94: Improper Control of Generation of Code ('Code Injection')

Product status

16.0.0 (custom) before 16.0.5508.1000: affected

16.0.0 (custom) before 16.0.10417.20027: affected

References

www.microsoft.com/...on-premises-sharepoint-vulnerabilities/ vendor-advisory

www.cisa.gov/...erabilities-catalog?field_cve=CVE-2025-49704 government-resource

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704 (Microsoft SharePoint Remote Code Execution Vulnerability) vendor-advisory patch

cve.org (CVE-2025-49704)

nvd.nist.gov (CVE-2025-49704)
