CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-49704

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.614

EPSS Ranking 98.2%

CVSS Severity

CVSS v3 Score 8.8

Proposed Action

Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.

Ransomware Campaign

Known

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49704
https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/

Products affected by CVE-2025-49704

Microsoft » Sharepoint Server » Version: 2016

cpe:2.3:a:microsoft:sharepoint_server:2016
Microsoft » Sharepoint Server » Version: 2019

cpe:2.3:a:microsoft:sharepoint_server:2019

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-49704

Products

Pricing

Contact Us