| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| CVE-2025-47172 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Microsoft SharePoint | Critical | 09-07-2025 |
Technical Information
An SQL injection vulnerability in Microsoft Office SharePoint Server leading to remote code execution, due to improper neutralization of special elements in SQL commands, allows an authenticated attacker with at least Site Member permissions to execute code remotely over a network on the SharePoint Server
Patch release date: Jun 10, 2025
Further information on this vulnerability is available at : CVE-2025-47172
Affected Software
Microsoft SharePoint Enterprise Server 2016,Microsoft SharePoint Server 2019,
Microsoft SharePoint Server Subscription Edition