Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
History

Tue, 22 Jul 2025 16:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 22 Jul 2025 16:00:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2025-07-22T00:00:00+00:00', 'dueDate': '2025-07-23T00:00:00+00:00'}


Wed, 16 Jul 2025 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft
Microsoft sharepoint Server
CPEs cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*
cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft sharepoint Server

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00185}

epss

{'score': 0.00179}


Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00165}

epss

{'score': 0.00185}


Wed, 09 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 08 Jul 2025 17:15:00 +0000

Type Values Removed Values Added
Description Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Title Microsoft SharePoint Remote Code Execution Vulnerability
Weaknesses CWE-94
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2025-07-08T16:58:05.908Z

Updated: 2025-07-30T01:36:09.733Z

Reserved: 2025-06-09T19:59:44.875Z

Link: CVE-2025-49704

cve-icon Vulnrichment

Updated: 2025-07-09T13:46:53.475Z

cve-icon NVD

Status : Analyzed

Published: 2025-07-08T17:15:57.867

Modified: 2025-07-30T01:00:01.490

Link: CVE-2025-49704

cve-icon Redhat

No data.