Sharepoint

  1. CVE-2025-49704 Published Jul 8, 2025

    high 8.8

    Exploit known

    Microsoft Office SharePointToolShell

    Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  2. CVE-2025-49706 Published Jul 8, 2025

    medium 6.5

    Exploit known

    Microsoft Office SharePointToolShell

    Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

  3. CVE-2025-53770 Published Jul 20, 2025

    critical 9.8

    Exploit known

    Microsoft SharePointToolShell

    Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.