CVE-2025-49704

Microsoft SharePoint Remote Code Execution Vulnerability

Basic Information

CVE State: PUBLISHED
Reserved Date: June 09, 2025
Published Date: July 08, 2025
Last Updated: July 28, 2025
Vendor: Microsoft
Product: Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019
Description: Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Tags: microsoft, cisa

CVSS Scores

CVSS v3.1

8.8 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

EPSS Score

Score: 13.20% (Percentile: 93.81%) as of 2025-07-28

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2025-07-21 05:45:27 UTC)

Known Exploited Vulnerability Information

Source: TheHackerNews
Added Date: 2025-07-21 05:45:20 UTC

Recent Mentions

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704 and CVE-2025-49706, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. To that end, Federal Civilian Executive Branch (FCEB) agencies are required to remediate identified vulnerabilities by July 23, 2025. "CISA is

Microsoft: Chinese State Hackers Target SharePoint Flaw in Stealthy Attacks

Source: CyberInsider • Published: 2025-07-22 14:30:38 UTC

Chinese state-aligned threat actors are actively exploiting critical vulnerabilities in Microsoft's on-premises SharePoint Server, targeting organizations worldwide with sophisticated attacks that enable credential-less remote code execution and persistent access. Microsoft has released patches and urges immediate action. The exploitation campaign tracked by Microsoft involves two primary vulnerabilities: CVE-2025-49706, a spoofing flaw, and CVE-2025-49704, which allows …

Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Company Servers

Source: TheHackerNews • Published: 2025-07-20 09:52:00 UTC

A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an "active, large-scale" exploitation campaign. The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), has been described as a variant of CVE-2025-49704 (CVSS score: 8.8), a code injection and remote code execution bug in Microsoft SharePoint Server that was addressed by the tech giant as

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-49704.

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel