CVE-2025-49704: 
vulnerability analysis and mitigation

CVE-2025-49704 is a remote code execution vulnerability in Microsoft Office SharePoint that was disclosed on July 8, 2025. The vulnerability stems from improper control of generation of code (code injection) in SharePoint that allows an authenticated attacker with Site Member permissions to execute arbitrary code on the SharePoint server over a network (Talos Blog, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Microsoft has assessed that the attack complexity is low and exploitation is more likely. The vulnerability is classified under CWE-94 (Improper Control of Generation of Code) (NVD, Talos Blog).

If successfully exploited, this vulnerability allows an authenticated attacker with Site Member permissions to execute arbitrary code remotely on the SharePoint server, potentially leading to complete system compromise with high impacts on confidentiality, integrity, and availability (Talos Blog).

Microsoft has released security updates to address this vulnerability as part of the July 2025 Patch Tuesday updates. The fix is included in security update KB5002744 for SharePoint Enterprise Server 2016 (Microsoft Support).