CVE-2025-49704: vulnerability analysis and mitigation

Overview

CVE-2025-49704 is a critical vulnerability in Microsoft Office SharePoint that allows an authorized attacker to execute code over a network through improper control of code generation (code injection). It was initially disclosed on July 8, 2025, and has been actively exploited in the wild (NVD, CISA). It affects multiple versions of SharePoint Server, including SharePoint Server 2019 and 2016.

Technical details

The vulnerability has a CVSS v3.1 base score of 8.8 (HIGH), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. It is classified under CWE-94 (Improper Control of Generation of Code) and allows code injection attacks. It specifically affects the authentication mechanism in SharePoint, enabling attackers to execute remote code through network-based attacks (NVD).

Impact

The exploitation of this vulnerability can lead to full system compromise, allowing attackers to execute arbitrary code on affected SharePoint servers. Successful exploitation enables threat actors to gain unauthorized access to SharePoint content, including file systems and internal configurations, and execute malicious code over the network (Microsoft Security).

Mitigation and workarounds

Microsoft has released comprehensive security updates for all supported versions of SharePoint Server. Organizations should apply these updates immediately and implement several critical mitigations: use supported versions of SharePoint Server, enable and configure Antimalware Scan Interface (AMSI), deploy Microsoft Defender Antivirus, rotate SharePoint Server ASP.NET machine keys, and restart IIS on all SharePoint servers. Organizations unable to patch immediately are advised to disconnect affected servers from the internet (MSRC Blog).

Community reactions

CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to take immediate action. The security community has responded with heightened concern due to the active exploitation by multiple threat actors and the potential for ransomware deployment (CISA).

Source: This report was generated using AI
