<< Back
CVE Number Vulnerability Product Severity Date
CVE-2025-49704 Microsoft SharePoint Remote Code Execution Vulnerability Microsoft SharePoint Critical 04-08-2025

Technical Information

The attacker may exploit a code injection vulnerability in Microsoft SharePoint to execute arbitrary code remotely over a network. This vulnerability can be triggered by any authenticated user with Site Owner privileges, without requiring admin or elevated access, allowing code execution on the SharePoint Server.

Patch release date: Jul 08, 2025
Further information on this vulnerability is available at : CVE-2025-49704

Affected Software

Microsoft SharePoint Enterprise Server 2016,
Microsoft SharePoint Server 2019