CVE-2025-47172

Опубликовано: 11 июн. 2025

Источник: msrc

CVSS3: 8.8

EPSS Низкий

Описание

Microsoft SharePoint Server Remote Code Execution Vulnerability

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

FAQ

How could an attacker exploit the vulnerability?

In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server.

Обновления

Продукт	Статья	Обновление
Microsoft SharePoint Enterprise Server 2016	5002732	Security Update
Microsoft SharePoint Server 2019	5002729	Security Update
Microsoft SharePoint Server Subscription Edition	5002736	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 37%

0.00151

Низкий

8.8 High

CVSS3

Связанные уязвимости

CVE-2025-47172

CVSS3: 8.8

nvd

8 дней назад

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

GHSA-rq5m-6c4v-55rj

CVSS3: 8.8

github

8 дней назад

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

BDU:2025-06679

CVSS3: 8.8

fstec

9 дней назад

Уязвимость пакетов программ Microsoft SharePoint Server и SharePoint Enterprise Server, связанная с непринятием мер по защите структуры запроса SQL, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 37%

0.00151

Низкий

8.8 High

CVSS3