CVE-2025-21400
Published: 11 February 2025
Summary
CVE-2025-21400 is a high-severity Improper Authorization (CWE-285) vulnerability in Microsoft Sharepoint Server. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 16.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-5 (Security Alerts, Advisories, and Directives).
Deeper analysis
Microsoft SharePoint Server is affected by CVE-2025-21400, a remote code execution vulnerability with a CVSS 3.1 base score of 8.0. The flaw is associated with CWE-285 and was published on 2025-02-11.
An attacker with low privileges can exploit the issue over a network with low attack complexity and requiring user interaction, resulting in high impact to confidentiality, integrity, and availability on the target SharePoint Server.
The Microsoft Security Response Center advisory published at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21400 provides official guidance on mitigation and patching. The EPSS score has remained flat at a peak of 0.0187 with no material increase observed after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2460
Vulnerability details
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
RCE vulnerability in SharePoint Server requires low privileges to exploit over the network, directly enabling privilege escalation to achieve arbitrary code execution on the server.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates CVE-2025-21400 by requiring timely remediation of known flaws through application of Microsoft SharePoint Server patches as per the vendor advisory.
Ensures organizations receive and act on security advisories like the Microsoft MSRC update guide for CVE-2025-21400 to enable prompt flaw remediation.
Provides vulnerability scanning to identify the presence of CVE-2025-21400 in SharePoint Server instances, enabling targeted patching before exploitation.