CVE DATABASE / CVE-2025-49704
CVE-2025-49704
Microsoft SharePoint Code Injection Vulnerability
Confirmed exploited in the wild. Added 2025-07-22.
Federal remediation due 2025-07-23.
Required action: Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Summary
Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVSS 3.1 breakdown
| Base score | 8.8 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49704
- https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/
Data: NIST NVD + CISA KEV. NVD last modified 2025-10-27. Always verify against the vendor advisory before acting.