CVE-2025-49704 HIGH

CVE-2025-49704: Microsoft SharePoint Remote Code Execution Vulnerability

Vendor: Microsoft
Product: Microsoft SharePoint Enterprise Server 2016
Weakness: CWE-94 · Code injection
KEV Status: Known Exploited
Ransomware: Used in campaigns
Published: July 8, 2025
Last update: February 13, 2026

CVSS base score

8.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

What the vulnerability does

01 Description

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CISA mandated remediation

02 CISA Required Action

Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Key dates

03 Disclosure timeline

July 8, 2025: CVE published
February 13, 2026: Record updated

External resources

04 References