Code Injection Vulnerability in Microsoft Office SharePoint
CVE-2025-49704
Key Information:
- Vendor
Microsoft
- Vendor
- CVE Published:
- 8 July 2025
Badges
What is CVE-2025-49704?
CVE-2025-49704 is a code injection vulnerability found in Microsoft Office SharePoint, a widely used platform for collaboration and document management within organizations. This vulnerability stems from improper controls in the generation of code, enabling an authorized attacker to execute arbitrary code over a network. The implications of this flaw are significant, as it can allow malicious actors to infiltrate systems and potentially gain unauthorized access to sensitive information or execute harmful operations within the SharePoint environment. Given the critical role SharePoint plays in business operations, organizations affected by this vulnerability may face disruptions, data breaches, or other forms of compromise in their operations and data integrity.
Potential Impact of CVE-2025-49704
-
Unauthorized Code Execution: This vulnerability allows attackers to execute arbitrary code within the SharePoint environment, which could lead to unauthorized access and control over the organization's systems.
-
Data Breach Risks: By exploiting this vulnerability, an attacker could gain access to confidential documents and sensitive information stored within SharePoint, leading to potential data leaks and non-compliance with data protection regulations.
-
Operational Disruption: The ability for an attacker to execute code can lead to service downtime, loss of productivity, and potentially the deployment of further malicious payloads, which can disrupt critical business functions.
CISA has reported CVE-2025-49704
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-49704 as being exploited and is known by the CISA as enabling ransomware campaigns.
The CISA's recommendation is: CISA recommends disconnecting public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS). For example, SharePoint Server 2013 and earlier versions are end-of-life and should be discontinued if still in use. For supported versions, please follow the mitigations according to CISA and vendor instructions. Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Affected Version(s)
Microsoft SharePoint Enterprise Server 2016 x64-based Systems 16.0.0 < 16.0.5508.1000
Microsoft SharePoint Server 2019 x64-based Systems 16.0.0 < 16.0.10417.20027
News Articles
@SecurelistToolShell: a story of five vulnerabilities in Microsoft SharePoint
Explaining the ToolShell vulnerabilities in SharePoint: how the POST request exploit works, why initial patches can be easily bypassed, and how to stay protected.
4 days ago
The Hacker NewsCISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks
CISA flags Microsoft SharePoint flaws under active attack by Chinese hackers. U.S. agencies must patch by July 23
6 days ago
CISA (.gov)UPDATE: Microsoft Releases Guidance on Exploitation of SharePoint Vulnerabilities | CISA
Update (07/22/2025): This Alert was updated to reflect newly released information(link is external) from Microsoft, and to correct the actively exploited Common Vulnerabilities and Exposures (CVEs), which...
6 days ago
References
EPSS Score
13% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 💰
Used in Ransomware
- 👾
Exploit known to exist
- 🦅
CISA Reported
- 📰
First article discovered by SentinelOne
- 📈
Vulnerability started trending
Vulnerability published
Vulnerability Reserved