CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
CVE-2025-49704 | Microsoft SharePoint Remote Code Execution Vulnerability | Microsoft SharePoint | Critical | 04-08-2025 |
Technical Information
The attacker may exploit a code injection vulnerability in Microsoft SharePoint to execute arbitrary code remotely over a network. This vulnerability can be triggered by any authenticated user with Site Owner privileges, without requiring admin or elevated access, allowing code execution on the SharePoint Server.
Patch release date: Jul 08, 2025
Further information on this vulnerability is available at : CVE-2025-49704
Affected Software
Microsoft SharePoint Enterprise Server 2016,Microsoft SharePoint Server 2019