Microsoft SharePoint Code Injection Vulnerability
Description
Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. The update for CVE-2025-53770 includes more robust protections than the update for CVE-2025-49704.
Required Action
CISA recommends disconnecting public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS). For example, SharePoint Server 2013 and earlier versions are end-of-life and should be discontinued if still in use. For supported versions, please follow the mitigations according to CISA and vendor instructions. Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
References
- CISA Mitigation Instructions: https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770
- https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704
- https://nvd.nist.gov/vuln/detail/CVE-2025-49704
Additional Information
- Catalog Version: 2025.07.22
- Catalog Released: July 22, 2025
- Days Until Due: 0 days