CVE-2025-49704
Published: 08 July 2025
Summary
CVE-2025-49704 is a high-severity Code Injection (CWE-94) vulnerability in Microsoft Sharepoint Server. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 1.7% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-49704 is a code injection vulnerability, tracked under CWE-94, that affects Microsoft Office SharePoint. The flaw permits improper control over code generation and carries a CVSS 3.1 score of 8.8, reflecting network attack vector, low attack complexity, and low privileges required with no user interaction needed.
An authorized attacker with network access can exploit the issue to execute arbitrary code on affected SharePoint servers, resulting in full compromise of confidentiality, integrity, and availability on the target system.
Microsoft’s Security Response Center advisory and accompanying security blog describe available patches for on-premises SharePoint deployments, while CISA lists the CVE in its Known Exploited Vulnerabilities catalog and references coordinated efforts to disrupt active exploitation.
The EPSS score rose from lower values after the July 2025 disclosure to a peak of 0.7661 on 2025-12-11 before receding to the current 0.5958, indicating increased exploitation interest several months post-publication.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-20554
Vulnerability details
Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CWE(s)
- KEV Date Added
- 22 July 2025
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Code injection (CWE-94) leading to unauthenticated RCE on SharePoint directly enables remote exploitation of a public-facing application.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely flaw remediation through application of Microsoft patches directly eliminates the code injection vulnerability in SharePoint.
Information input validation prevents code injection by ensuring user-supplied inputs to SharePoint do not contain executable code.
Vulnerability scanning detects the presence of CVE-2025-49704 in SharePoint deployments, enabling prioritization for patching.