Code Injection Vulnerability in Microsoft Office SharePoint
CVE-2025-49704

8.8HIGH

Key Information:

Badges

🔥 Trending now📈 Trended📈 Score: 6,740💰 Ransomware👾 Exploit Exists🟣 EPSS 13%🦅 CISA Reported📰 News Worthy

What is CVE-2025-49704?

CVE-2025-49704 is a code injection vulnerability found in Microsoft Office SharePoint, a widely used platform for collaboration and document management within organizations. This vulnerability stems from improper controls in the generation of code, enabling an authorized attacker to execute arbitrary code over a network. The implications of this flaw are significant, as it can allow malicious actors to infiltrate systems and potentially gain unauthorized access to sensitive information or execute harmful operations within the SharePoint environment. Given the critical role SharePoint plays in business operations, organizations affected by this vulnerability may face disruptions, data breaches, or other forms of compromise in their operations and data integrity.

Potential Impact of CVE-2025-49704

  1. Unauthorized Code Execution: This vulnerability allows attackers to execute arbitrary code within the SharePoint environment, which could lead to unauthorized access and control over the organization's systems.

  2. Data Breach Risks: By exploiting this vulnerability, an attacker could gain access to confidential documents and sensitive information stored within SharePoint, leading to potential data leaks and non-compliance with data protection regulations.

  3. Operational Disruption: The ability for an attacker to execute code can lead to service downtime, loss of productivity, and potentially the deployment of further malicious payloads, which can disrupt critical business functions.

CISA has reported CVE-2025-49704

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-49704 as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: CISA recommends disconnecting public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS). For example, SharePoint Server 2013 and earlier versions are end-of-life and should be discontinued if still in use. For supported versions, please follow the mitigations according to CISA and vendor instructions. Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Affected Version(s)

Microsoft SharePoint Enterprise Server 2016 x64-based Systems 16.0.0 < 16.0.5508.1000

Microsoft SharePoint Server 2019 x64-based Systems 16.0.0 < 16.0.10417.20027

News Articles

ToolShell: a story of five vulnerabilities in Microsoft SharePoint

Explaining the ToolShell vulnerabilities in SharePoint: how the POST request exploit works, why initial patches can be easily bypassed, and how to stay protected.

4 days ago

CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks

CISA flags Microsoft SharePoint flaws under active attack by Chinese hackers. U.S. agencies must patch by July 23

6 days ago

UPDATE: Microsoft Releases Guidance on Exploitation of SharePoint Vulnerabilities | CISA

Update (07/22/2025): This Alert was updated to reflect newly released information(link is external) from Microsoft, and to correct the actively exploited Common Vulnerabilities and Exposures (CVEs), which...

6 days ago

References

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 💰

    Used in Ransomware

  • 👾

    Exploit known to exist

  • 🦅

    CISA Reported

  • 📰

    First article discovered by SentinelOne

  • 📈

    Vulnerability started trending

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-49704 : Code Injection Vulnerability in Microsoft Office SharePoint