Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2025-49704

Опубликовано: 08 июл. 2025
Источник: msrc
CVSS3: 8.8
EPSS Средний

Описание

Microsoft SharePoint Remote Code Execution Vulnerability

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

FAQ

According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability?

The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

How could an attacker exploit the vulnerability?

In a network-based attack, an attacker authenticated as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server.

Обновления

ПродуктСтатьяОбновление
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation More Likely

DOS

N/A

EPSS

Процентиль: 94%
0.12698
Средний

8.8 High

CVSS3

Связанные уязвимости

CVSS3: 8.8
nvd
26 дней назад

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS3: 8.8
github
26 дней назад

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS3: 8.8
fstec
26 дней назад

Уязвимость пакета программ Microsoft SharePoint, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный код

CVSS3: 6.5
msrc
14 дней назад

Microsoft SharePoint Server Spoofing Vulnerability

CVSS3: 9.8
msrc
15 дней назад

Microsoft SharePoint Server Remote Code Execution Vulnerability

EPSS

Процентиль: 94%
0.12698
Средний

8.8 High

CVSS3