Known Exploited Vulnerability
8.8
HIGH
CVE-2025-49704
Microsoft SharePoint Code Injection Vulnerability - [Actively Exploited]
Description

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

INFO

Published Date :

July 8, 2025, 5:15 p.m.

Last Modified :

July 30, 2025, 1 a.m.

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

2.8
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. The update for CVE-2025-53770 includes more robust protections than the update for CVE-2025-49704.

Required Action :

CISA recommends disconnecting public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS). For example, SharePoint Server 2013 and earlier versions are end-of-life and should be discontinued if still in use. For supported versions, please follow the mitigations according to CISA and vendor instructions. Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Notes :

CISA Mitigation Instructions: https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770; https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/ ; https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704 ; https://nvd.nist.gov/vuln/detail/CVE-2025-49704

Public PoC/Exploit Available at Github

CVE-2025-49704 has a 7 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2025-49704 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Microsoft sharepoint_server
2 Microsoft sharepoint_server_2016
3 Microsoft sharepoint_server_2019
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-49704.

URL Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704 Vendor Advisory
https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/ Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

None

PowerShell

Updated: 1 week, 5 days ago
0 stars 0 fork 0 watcher
Born at : July 22, 2025, 9:54 p.m. This repo has been linked 4 different CVEs too.

Honeypot for CVE-2025-53770 aka ToolShell

Python Shell YARA

Updated: 1 week, 2 days ago
0 stars 1 fork 1 watcher
Born at : July 22, 2025, 1:44 p.m. This repo has been linked 4 different CVEs too.

None

PowerShell

Updated: 1 week, 6 days ago
0 stars 0 fork 0 watcher
Born at : July 21, 2025, 7:32 p.m. This repo has been linked 3 different CVEs too.

Comprueba si un servidor SharePoint on-premises es vulnerable a CVE-2025-53770

Python

Updated: 1 week, 6 days ago
0 stars 0 fork 0 watcher
Born at : July 21, 2025, 6:43 p.m. This repo has been linked 3 different CVEs too.

None

Python

Updated: 1 day, 8 hours ago
0 stars 0 fork 0 watcher
Born at : Oct. 29, 2024, 8:10 p.m. This repo has been linked 11 different CVEs too.

CISA Bot is a GitHub bot that automatically monitors the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog. When new vulnerabilities are published in the KEV, the bot creates GitHub issues in this repository with detailed information about each vulnerability.

Python

Updated: 6 days, 3 hours ago
2 stars 0 fork 0 watcher
Born at : Oct. 29, 2024, 10:19 a.m. This repo has been linked 191 different CVEs too.

SecDB - Security Feeds

cve security-feeds vulnerability

Updated: 1 week, 6 days ago
0 stars 0 fork 0 watcher
Born at : July 1, 2022, 8:37 p.m. This repo has been linked 97 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-49704 vulnerability anywhere in the article.

  • CybersecurityNews
Storm-2603 Using Custom Malware That Leverages BYOVD to Tamper with Endpoint Protections

A newly identified threat actor designated Storm-2603 has emerged as a sophisticated adversary in the ransomware landscape, leveraging advanced custom malware to circumvent endpoint security protectio ... Read more

Published Date: Aug 02, 2025 (1 day, 20 hours ago)
  • The Hacker News
Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks

Aug 01, 2025Ravie LakshmananThreat Intelligence / Ransomware The threat actor linked to the exploitation of the recently disclosed security flaws in Microsoft SharePoint Server is using a bespoke co ... Read more

Published Date: Aug 01, 2025 (2 days, 14 hours ago)
  • AttackIQ
Response to CISA Alert: Microsoft Releases Guidance on Exploitation of SharePoint Vulnerabilities

On July 8, 2025, vulnerabilities CVE-2025-49704 (Remote Code Execution) and CVE-2025-49706 (Network Spoofing), affecting on-premises Microsoft SharePoint servers, were officially reported. On the same ... Read more

Published Date: Jul 30, 2025 (4 days, 2 hours ago)
  • Schneier on Security
Microsoft SharePoint Zero-Day

Chinese hackers are exploiting a high-severity vulnerability in Microsoft SharePoint to steal data worldwide: The vulnerability, tracked as CVE-2025-53770, carries a severity rating of 9.8 out of a po ... Read more

Published Date: Jul 28, 2025 (6 days, 11 hours ago)
  • CybersecurityNews
New “ToolShell” Exploit Chain Attacking SharePoint Servers to Gain Complete Control

A critical new threat targeting Microsoft SharePoint servers through a sophisticated exploit chain dubbed “ToolShell.” This multi-stage attack combines previously patched vulnerabilities with fresh ze ... Read more

Published Date: Jul 28, 2025 (6 days, 12 hours ago)
  • The Register
Blame a leak for Microsoft SharePoint attacks, researcher insists

A week after Microsoft told the world that its July software updates didn't fully fix a couple of bugs, which allowed miscreants to take over on-premises SharePoint servers and remotely execute code, ... Read more

Published Date: Jul 26, 2025 (1 week, 1 day ago)
  • SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 30

The Good | Authorities Dismantle XSS.is Cybercrime Forum & Release Free Phobos/8Base Decryptor After a 12-year long run, XSS[.]is (formerly DaMaGeLaB) faced major disruptions this week with the arrest ... Read more

Published Date: Jul 25, 2025 (1 week, 2 days ago)
  • SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 30

The Good | Authorities Dismantle XSS.is Cybercrime Forum & Release Free Phobos/8Base Decryptor After a 12-year long run, XSS[.]is (formerly DaMaGeLaB) faced major disruptions this week with the arrest ... Read more

Published Date: Jul 25, 2025 (1 week, 2 days ago)
  • CybersecurityNews
Hackers Exploiting Sharepoint 0-day Vulnerability to Deploy Warlock Ransomware

Microsoft has issued urgent warnings about active exploitation of critical SharePoint vulnerabilities CVE-2025-53770 and CVE-2025-53771 by multiple threat actors, including the China-based group Storm ... Read more

Published Date: Jul 25, 2025 (1 week, 2 days ago)
  • Kaspersky
ToolShell: a story of five vulnerabilities in Microsoft SharePoint

On July 19–20, 2025, various security companies and national CERTs published alerts about active exploitation of on-premise SharePoint servers. According to the reports, observed attacks did not requi ... Read more

Published Date: Jul 25, 2025 (1 week, 2 days ago)
  • The Register
Microsoft: SharePoint attacks now officially include ransomware infections

Ransomware has officially entered the Microsoft SharePoint exploitation ring. Late Wednesday, in an update to its earlier warning, Redmond confirmed that a threat group it tracks as Storm-2603 is abus ... Read more

Published Date: Jul 24, 2025 (1 week, 3 days ago)
  • Help Net Security
Storm-2603 spotted deploying ransomware on exploited SharePoint servers

One of the groups that, in the past few weeks, has been exploiting vulnerabilities in on-prem SharePoint installation has been observed deploying Warlock ransomware, Microsoft shared on Wednesday. Fir ... Read more

Published Date: Jul 24, 2025 (1 week, 3 days ago)
  • CybersecurityNews
Metasploit Module Released For Actively Exploited SharePoint 0-Day Vulnerabilities

Researchers have developed a new Metasploit exploit module targeting critical zero-day vulnerabilities in Microsoft SharePoint Server that are being actively exploited in the wild. The module, designa ... Read more

Published Date: Jul 24, 2025 (1 week, 3 days ago)
  • The Hacker News
Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems

Jul 24, 2025Ravie LakshmananVulnerability / Ransomware Microsoft has revealed that one of the threat actors behind the active exploitation of SharePoint flaws is deploying Warlock ransomware on targ ... Read more

Published Date: Jul 24, 2025 (1 week, 3 days ago)
  • Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
National Nuclear Security Administration Systems Breached in SharePoint Cyberattack

A recent global cyberattack campaign, exploiting critical vulnerabilities in Microsoft’s on-premise SharePoint software, has impacted several US government agencies, including the National Institutes ... Read more

Published Date: Jul 24, 2025 (1 week, 3 days ago)
  • BleepingComputer
Microsoft: SharePoint servers also targeted in ransomware attacks

A China-based hacking group is deploying Warlock ransomware on Microsoft SharePoint servers vulnerable to widespread attacks targeting the recently patched ToolShell zero-day exploit chain. "Although ... Read more

Published Date: Jul 24, 2025 (1 week, 3 days ago)
  • Ars Technica
What to know about ToolShell, the SharePoint threat under mass exploitation

Active exploitation at scale Easy to exploit. Unauthenticated access. Massive reach. ToolShell has it all. Credit: Getty Images Government agencies and private industry have been under siege over the ... Read more

Published Date: Jul 23, 2025 (1 week, 4 days ago)
  • The Register
Microsoft SharePoint victim count hits 400+ orgs in ongoing attacks

More than 400 organizations have been compromised in the Microsoft SharePoint attack, according to Eye Security, which initially sounded the alarm on the mass exploitation last Friday, even before Red ... Read more

Published Date: Jul 23, 2025 (1 week, 4 days ago)
  • CybersecurityNews
CISA Warns of Chinese Hackers Exploiting SharePoint 0-Day Flaws in Active Exploitation

CISA has issued an urgent alert regarding active exploitation of critical Microsoft SharePoint vulnerabilities by suspected Chinese threat actors. The attack campaign, dubbed “ToolShell,” leverages a ... Read more

Published Date: Jul 23, 2025 (1 week, 4 days ago)
  • security.nl
SharePoint-servers Amerikaans ministerie getroffen door aanval

SharePoint-servers van het Amerikaanse ministerie van Energie zijn afgelopen vrijdag getroffen door een aanval, zo laat een woordvoerder tegenover persbureau Bloomberg weten. Een anonieme bron stelt d ... Read more

Published Date: Jul 23, 2025 (1 week, 4 days ago)
  • CybersecurityNews
CISA Warns of Microsoft SharePoint Code Injection and Authentication Vulnerability Exploited in Wild

CISA has issued an urgent warning regarding two critical Microsoft SharePoint vulnerabilities that threat actors are actively exploiting in the wild. The vulnerabilities, designated as CVE-2025-49704 ... Read more

Published Date: Jul 23, 2025 (1 week, 4 days ago)
  • The Hacker News
CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks

Jul 23, 2025Ravie LakshmananVulnerability / Threat Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-497 ... Read more

Published Date: Jul 23, 2025 (1 week, 4 days ago)
  • Daily CyberSecurity
Critical Flaw (CVE-2025-7783, CVSS 9.4) in Form-Data Library Exposes Millions of Apps to Multipart Injection & RCE

A critical vulnerability has been uncovered in the widely used JavaScript library Form-Data, impacting millions of applications that rely on it to submit form data and file uploads. Tracked as CVE-202 ... Read more

Published Date: Jul 23, 2025 (1 week, 4 days ago)
  • Daily CyberSecurity
Microsoft: China-Backed APTs Actively Exploiting SharePoint Flaws (CVE-2025-49704 & CVE-2025-49706)

Last week, the Microsoft Security Response Center (MSRC) issued an urgent advisory regarding active exploitation of critical vulnerabilities in on-premises SharePoint Server installations. The alert, ... Read more

Published Date: Jul 23, 2025 (1 week, 4 days ago)
  • Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Microsoft Reveals Chinese State Hackers Exploiting SharePoint Flaws

Microsoft’s critical new update reveals that specific Chinese nation-state threat groups are actively exploiting vulnerabilities in its on-premises SharePoint servers. Following an earlier report from ... Read more

Published Date: Jul 22, 2025 (1 week, 5 days ago)
  • The Register
Surprise, surprise: Chinese spies, IP stealers, other miscreants attacking Microsoft SharePoint servers

At least three Chinese groups are attacking on-premises SharePoint servers via a couple of recently disclosed Microsoft bugs, according to Redmond. Two of the crews behind the zero-day attacks are gov ... Read more

Published Date: Jul 22, 2025 (1 week, 5 days ago)
  • The Cloudflare Blog
Cloudflare protects against critical SharePoint vulnerability, CVE-2025-53770

2025-07-223 min readOn July 19, 2025, Microsoft disclosed CVE-2025-53770, a critical zero-day Remote Code Execution (RCE) vulnerability. Assigned a CVSS 3.1 base score of 9.8 (Critical), the vulnerabi ... Read more

Published Date: Jul 22, 2025 (1 week, 5 days ago)
  • cybereason.com
CVE-2025-53770 & CVE-2025-53771: Critical On-Prem SharePoint Vulnerabilities

Cybereason is actively investigating exploitation of these vulnerabilities. Check the Cybereason blog for additional updates. Key Takeaways Two zero-day vulnerabilities discovered in on-premise Micros ... Read more

Published Date: Jul 22, 2025 (1 week, 5 days ago)
  • The Hacker News
Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacker Groups

Jul 22, 2025Ravie LakshmananVulnerability / Threat Intelligence Microsoft has formally tied the exploitation of security flaws in internet-facing SharePoint Server instances to two Chinese hacking g ... Read more

Published Date: Jul 22, 2025 (1 week, 5 days ago)
  • Help Net Security
Microsoft pins on-prem SharePoint attacks on Chinese threat actors

As Microsoft continues to update its customer guidance for protecting on-prem SharePoint servers against the latest in-the-wild attacks, more security firms have begun sharing details about the ones t ... Read more

Published Date: Jul 22, 2025 (1 week, 5 days ago)
  • security.nl
Microsoft: meerdere statelijke actoren misbruiken SharePoint-lekken

Meerder statelijke actoren maken actief misbruik van kwetsbaarheden in SharePoint, zo claimt Microsoft vandaag. De aanvallen zouden mogelijk al sinds 7 juli plaatsvinden. Daarbij werd in eerste instan ... Read more

Published Date: Jul 22, 2025 (1 week, 5 days ago)
  • Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Hackers Exploit Microsoft SharePoint Flaws in Global Breaches

New information has emerged regarding ongoing cyberattacks against Microsoft’s on-premises SharePoint servers, revealing a wider impact than initially understood. Yesterday, Hackread.com reported on M ... Read more

Published Date: Jul 22, 2025 (1 week, 5 days ago)
  • BleepingComputer
Microsoft Sharepoint ToolShell attacks linked to Chinese hackers

Several hacking groups with ties to the Chinese government have been linked to a recent wave of widespread attacks targeting a Microsoft SharePoint zero-day vulnerability chain. They used this exploit ... Read more

Published Date: Jul 22, 2025 (1 week, 5 days ago)
  • The Hacker News
Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

The recently disclosed critical Microsoft SharePoint vulnerability has been under exploitation as early as July 7, 2025, according to findings from Check Point Research. The cybersecurity company said ... Read more

Published Date: Jul 22, 2025 (1 week, 5 days ago)
  • Trend Micro
Proactive Security and Insights for SharePoint Attacks (CVE-2025-53770 and CVE-2025-53771)

Exploits & Vulnerabilities CVE-2025-53770 and CVE-2025-53771 are vulnerabilities in on-premise Microsoft SharePoint Servers that evolved from previously patched flaws, allowing unauthenticated remote ... Read more

Published Date: Jul 22, 2025 (1 week, 5 days ago)
  • SentinelOne
More From Our Main Blog: SharePoint ToolShell | Zero-Day Exploited in-the-Wild Targets Enterprise Servers

On July 19th, Microsoft confirmed that a 0-day vulnerability impacting on-premises Microsoft SharePoint Servers, dubbed “ToolShell” (by researcher Khoa Dinh @_l0gg), was being actively exploited in th ... Read more

Published Date: Jul 21, 2025 (1 week, 5 days ago)
  • SentinelOne
More From Our Main Blog: SharePoint ToolShell | Zero-Day Exploited in-the-Wild Targets Enterprise Servers

On July 19th, Microsoft confirmed that a 0-day vulnerability impacting on-premises Microsoft SharePoint Servers, dubbed “ToolShell” (by researcher Khoa Dinh @_l0gg), was being actively exploited in th ... Read more

Published Date: Jul 21, 2025 (1 week, 5 days ago)
  • Ars Technica
SharePoint vulnerability with 9.8 severity rating under exploit across globe

ASSUME COMPROMISE Ongoing attacks are allowing hackers to steal credentials giving privileged access. Authorities and researchers are sounding the alarm over the active mass exploitation of a high-sev ... Read more

Published Date: Jul 21, 2025 (1 week, 6 days ago)
  • krebsonsecurity.com
Microsoft Fix Targets Attacks on SharePoint Zero-Day

On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch come ... Read more

Published Date: Jul 21, 2025 (1 week, 6 days ago)
  • Kaspersky
Update Microsoft SharePoint ASAP | Kaspersky official blog

Unknown malefactors are actively attacking companies that use SharePoint Server 2016, SharePoint Server 2019 and SharePoint Server Subscription Edition. By exploiting a chain of two vulnerabilities – ... Read more

Published Date: Jul 21, 2025 (1 week, 6 days ago)
  • security.nl
NCSC en Microsoft waarschuwen voor actief misbruik van SharePoint-lek

maandag 21 juli 2025, 09:24 door Redactie, 18 reactiesLaatst bijgewerkt: Gisteren, 16:40 Het Nationaal Cyber Security Centrum (NCSC), Microsoft en het Amerikaanse cyberagentschap CISA waarschuwen voor ... Read more

Published Date: Jul 21, 2025 (1 week, 6 days ago)
  • BleepingComputer
Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks

Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in "ToolShell" attac ... Read more

Published Date: Jul 21, 2025 (1 week, 6 days ago)
  • The Hacker News
Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks

Microsoft on Sunday released security patches for an actively exploited security flaw in SharePoint and also released details of another vulnerability that it said has been addressed with "more robust ... Read more

Published Date: Jul 21, 2025 (1 week, 6 days ago)
  • Daily CyberSecurity
ToolShell: New SharePoint RCE Zero-Day Chain Under Active Global Exploitation

Image: CODE WHITE GmbH On the evening of July 18, 2025, Eye Security identified an active, large-scale exploitation of a newly discovered Microsoft SharePoint remote code execution (RCE) vulnerability ... Read more

Published Date: Jul 21, 2025 (1 week, 6 days ago)
  • Help Net Security
Microsoft SharePoint servers under attack via zero-day vulnerability with no patch (CVE-2025-53770)

Attackers are exploiting a zero-day variant (CVE-2025-53770) of a SharePoint remote code execution vulnerability (CVE-2025-49706) that Microsoft patched earlier this month, the company has confirmed o ... Read more

Published Date: Jul 20, 2025 (2 weeks ago)
  • BleepingComputer
Microsoft SharePoint zero-day exploited in RCE attacks, no patch available

A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, has been actively exploited since at least July 18th, with no patch available and at least 85 servers already comp ... Read more

Published Date: Jul 20, 2025 (2 weeks ago)
  • The Hacker News
Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Global Organizations

Jul 20, 2025Ravie LakshmananZero-Day / Vulnerability A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an "active, large-scale" exploitation campaign. T ... Read more

Published Date: Jul 20, 2025 (2 weeks ago)
  • CybersecurityNews
SharePoint 0-Day RCE Vulnerability Actively Exploited in the Wild to Gain Full Server Access

A sophisticated cyberattack campaign targeting Microsoft SharePoint servers has been discovered exploiting a newly weaponized vulnerability chain dubbed “ToolShell,” enabling attackers to gain complet ... Read more

Published Date: Jul 20, 2025 (2 weeks ago)
  • Help Net Security
Microsoft fixes critical wormable Windows flaw (CVE-2025-47981)

For July 2025 Patch Tuesday, Microsoft has released patches for 130 vulnerabilities, among them one that’s publicly disclosed (CVE-2025-49719) and a wormable RCE bug on Windows and Windows Server (CVE ... Read more

Published Date: Jul 09, 2025 (3 weeks, 4 days ago)
  • security.nl
Kritieke lekken in Windows, Office en SharePoint laten aanvaller code uitvoeren

Verschillende kritieke lekken in Windows, Microsoft Office en SharePoint maken remote code execution (RCE) mogelijk, waarbij er geen interactie van gebruikers is vereist. Het Windows-lek is volgens on ... Read more

Published Date: Jul 09, 2025 (3 weeks, 4 days ago)
  • security.nl
Kritieke lekken in Windows, Office en SharePoint laten aanvaller code uitvoeren

Verschillende kritieke lekken in Windows, Microsoft Office en SharePoint maken remote code execution (RCE) mogelijk, waarbij er geen interactie van gebruikers is vereist. Het Windows-lek is volgens on ... Read more

Published Date: Jul 09, 2025 (3 weeks, 4 days ago)
  • The Cyber Express
Microsoft Patch Tuesday July 2025: 130 Vulnerabilities Fixed, 17 High-Risk

Patch Tuesday for July 2025 was the busiest day for Microsoft fixes since January, with 130 Microsoft CVEs patched – including 17 ones at high risk for exploitation. July’s total also included 10 non- ... Read more

Published Date: Jul 08, 2025 (3 weeks, 5 days ago)
  • The Cyber Express
Microsoft Patch Tuesday July 2025: 130 Vulnerabilities Fixed, 17 High-Risk

Patch Tuesday for July 2025 was the busiest day for Microsoft fixes since January, with 130 Microsoft CVEs patched – including 17 ones at high risk for exploitation. July’s total also included 10 non- ... Read more

Published Date: Jul 08, 2025 (3 weeks, 5 days ago)

The following table lists the changes that have been made to the CVE-2025-49704 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Jul. 30, 2025

    Action Type Old Value New Value
    Changed Required Action CISA recommends disconnecting public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS). For example, SharePoint Server 2013 and earlier versions are end-of-life and should be discontinued if still in use. For supported versions, please follow the mitigations according to CISA and vendor instructions. Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
  • Modified Analysis by [email protected]

    Jul. 23, 2025

    Action Type Old Value New Value
    Added Reference Type CISA-ADP: https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/ Types: Vendor Advisory
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Jul. 23, 2025

    Action Type Old Value New Value
    Added Date Added 2025-07-22
    Added Due Date 2025-07-23
    Added Required Action CISA recommends disconnecting public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS). For example, SharePoint Server 2013 and earlier versions are end-of-life and should be discontinued if still in use. For supported versions, please follow the mitigations according to CISA and vendor instructions. Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
    Added Vulnerability Name Microsoft SharePoint Code Injection Vulnerability
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jul. 22, 2025

    Action Type Old Value New Value
    Added Reference https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/
  • Initial Analysis by [email protected]

    Jul. 16, 2025

    Action Type Old Value New Value
    Added CPE Configuration OR *cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:* *cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*
    Added Reference Type Microsoft Corporation: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704 Types: Vendor Advisory
  • New CVE Received by [email protected]

    Jul. 08, 2025

    Action Type Old Value New Value
    Added Description Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
    Added CVSS V3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-94
    Added Reference https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-49704 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-49704 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability