CVE-2025-49704

HIGH Actively Exploited

Microsoft SharePoint Remote Code Execution Vulnerability

CVSS v3: 8.8 (HIGH)

EPSS Score: 59.6% exploit probability

CISA KEV (known exploited): No

Exploitation (SSVC status): active

Description

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Technical Details

CVSS v3 Vector: 3.1
Published: 7/8/2025
Last Modified: 10/27/2025

Frequently Asked Questions

What is CVE-2025-49704?

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Is CVE-2025-49704 actively exploited?

Yes. CVE-2025-49704 has been observed in active exploitation according to SSVC analysis.

What is the CVSS score for CVE-2025-49704?

CVE-2025-49704 has a CVSS v3 base score of 8.8 (HIGH severity), with vector string 3.1.
