Cyber Resilience

CVE-2025-21400

High

Published: 11 February 2025

Published
11 February 2025
Modified
14 February 2025
KEV Added
Patch
CVSS Score v3.1 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0187 83.5th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21400 is a high-severity Improper Authorization (CWE-285) vulnerability in Microsoft Sharepoint Server. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 16.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-5 (Security Alerts, Advisories, and Directives).

Deeper analysis

Microsoft SharePoint Server is affected by CVE-2025-21400, a remote code execution vulnerability with a CVSS 3.1 base score of 8.0. The flaw is associated with CWE-285 and was published on 2025-02-11.

An attacker with low privileges can exploit the issue over a network with low attack complexity and requiring user interaction, resulting in high impact to confidentiality, integrity, and availability on the target SharePoint Server.

The Microsoft Security Response Center advisory published at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21400 provides official guidance on mitigation and patching. The EPSS score has remained flat at a peak of 0.0187 with no material increase observed after disclosure.

EU & UK References

Vulnerability details

Microsoft SharePoint Server Remote Code Execution Vulnerability

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

RCE vulnerability in SharePoint Server requires low privileges to exploit over the network, directly enabling privilege escalation to achieve arbitrary code execution on the server.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21348Same product: Microsoft Sharepoint Server
CVE-2025-49701Same product: Microsoft Sharepoint Server
CVE-2026-40365Same product: Microsoft Sharepoint Server
CVE-2025-53795Same vendor: Microsoft
CVE-2026-26114Same product: Microsoft Sharepoint Server
CVE-2026-27912Same vendor: Microsoft
CVE-2025-21344Same product: Microsoft Sharepoint Server
CVE-2026-20951Same product: Microsoft Sharepoint Server
CVE-2026-20947Same product: Microsoft Sharepoint Server
CVE-2026-26106Same product: Microsoft Sharepoint Server

Affected Assets

microsoft
sharepoint server
2016, 2019 · ≤ 16.0.17928.20396

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates CVE-2025-21400 by requiring timely remediation of known flaws through application of Microsoft SharePoint Server patches as per the vendor advisory.

prevent

Ensures organizations receive and act on security advisories like the Microsoft MSRC update guide for CVE-2025-21400 to enable prompt flaw remediation.

preventdetect

Provides vulnerability scanning to identify the presence of CVE-2025-21400 in SharePoint Server instances, enabling targeted patching before exploitation.

References