CVE-2025-49704

⚠ KEVEPSS 59.6%

Microsoft SharePoint Code Injection Vulnerability

Added to CISA KEV: 7/22/2025

Description

Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.

Affected packages (0)

No package mapping in OSV.