Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
History

Wed, 09 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 08 Jul 2025 17:15:00 +0000

Type Values Removed Values Added
Description Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Title Microsoft SharePoint Remote Code Execution Vulnerability
Weaknesses CWE-94
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2025-07-08T16:58:05.908Z

Updated: 2025-07-09T13:46:56.523Z

Reserved: 2025-06-09T19:59:44.875Z

Link: CVE-2025-49704

cve-icon Vulnrichment

Updated: 2025-07-09T13:46:53.475Z

cve-icon NVD

Status : Received

Published: 2025-07-08T17:15:57.867

Modified: 2025-07-08T17:15:57.867

Link: CVE-2025-49704

cve-icon Redhat

No data.