CVE-2025-49712
Published: 12 August 2025
Summary
CVE-2025-49712 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Microsoft Sharepoint Server. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 2.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-49712 is a deserialization of untrusted data vulnerability, tracked under CWE-502, that affects Microsoft Office SharePoint. The flaw carries a CVSS 3.1 base score of 8.8 and permits remote code execution when an attacker supplies crafted serialized data to the affected component.
An authorized user with network access can exploit the issue without user interaction, resulting in full compromise of confidentiality, integrity, and availability on the target SharePoint server. The attack vector is rated network-accessible with low attack complexity and low privileges required.
The single reference points to the Microsoft Security Response Center advisory for CVE-2025-49712, which is the authoritative source for patch availability and mitigation guidance. The EPSS score has remained flat at 0.3561 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24275
Vulnerability details
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct RCE via deserialization in network-accessible SharePoint server application matches exploitation of public-facing apps.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates deserialization of untrusted data by requiring validation of all information inputs before processing in SharePoint.
Ensures timely remediation of the specific deserialization flaw through flaw remediation processes like patching.
Mitigates remote code execution consequences of successful deserialization via memory protection safeguards such as DEP and ASLR.