CVE-2025-49704

Microsoft SharePoint Remote Code Execution Vulnerability

CVSS 8.8 HIGH | EPSS 99.9% | KEV | CWE-94

In short

An attacker with authorized access to Microsoft SharePoint can inject and execute malicious code on the server. This is dangerous because it allows the attacker to take full control of the SharePoint environment and access sensitive data.

Technical detail

A code injection vulnerability in SharePoint's code generation mechanism, caused by improper input validation, allows authenticated attackers to execute arbitrary code remotely. The attack requires valid credentials but can result in complete server compromise with access to all hosted data and resources.

Summary generated and translated by AI from the official description.

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
