CVE-2025-21348
Published: 14 January 2025
Summary
CVE-2025-21348 is a high-severity Improper Authorization (CWE-285) vulnerability in Microsoft Sharepoint Server. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 25.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Deeper analysis
Microsoft SharePoint Server is affected by CVE-2025-21348, a remote code execution vulnerability. The flaw carries a CVSS 7.2 rating reflecting network attack vector, low attack complexity, and high-privilege requirements, with impacts allowing complete compromise of confidentiality, integrity, and availability. Associated CWEs include CWE-285.
An authenticated attacker with high privileges can exploit the issue over the network without user interaction, achieving remote code execution on the SharePoint Server and full control of the affected system.
The official advisory published by Microsoft at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21348 provides remediation guidance. EPSS for the CVE rose from a low baseline to a peak of 0.0524 on 2026-02-13 before receding to the current value of 0.0080, indicating a period of increased exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2413
Vulnerability details
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote code execution vulnerability in public-facing Microsoft SharePoint Server directly maps to exploitation of public-facing applications for code execution.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the RCE vulnerability by requiring timely identification, reporting, and correction of flaws like CVE-2025-21348 through vendor patches.
Enforces approved authorizations for access to SharePoint resources, directly addressing the improper authorization (CWE-285) that enables high-privilege RCE exploitation.
Limits damage from PR:H exploitation by ensuring users and processes operate with least privilege necessary, reducing the attack surface in SharePoint.