CVE-2025-49704

ENISA EUVD: EUVD-2025-20554 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 14 articles Published: 2025-07-08

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

59.58%

probability

This CVE has a 59.58% probability of being exploited in the next 30 days.

0% Top 98.3th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

8.8

HIGH

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Temporal

Exploit Code Maturity

Unproven

Remediation Level

Official Fix

Report Confidence

Confirmed

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Description

NVD

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Affected Products

Microsoft

Microsoft SharePoint Enterprise Server 2016

16.0.0

Microsoft

Microsoft SharePoint Server 2019

16.0.0

microsoft

sharepoint server

Microsoft

Microsoft SharePoint Server 2019

16.0.0 <16.0.10417.20027

Microsoft

Microsoft SharePoint Enterprise Server 2016

16.0.0 <16.0.5508.1000

Attack Intelligence

CWE-664 · Improper Control of a Resource Through its Lifetime CWE-707 · Improper Neutralization CWE-74 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-913 · Improper Control of Dynamically-Managed Code Resources CWE-94 · Code Injection

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704

vendor-advisory patch

Signal Intelligence

Confidenceⓘ

92%

EPSS 59.58%

CVSS v3.1 8.8

Mentions 14

Last Seen Jul 22, 2025

CNA Information

CNA Assigner

microsoft

CNA Title

Microsoft SharePoint Remote Code Execution Vulnerability

Analyst Note

Article [2] explicitly names this CVE as a SharePoint zero-day exploited in RCE attacks with no patch available at time of exploitation report. Article [1] confirms emergency patches were released for SharePoint RCE flaws exploited in active attacks. The CVE publication date (2025-07-08) aligns with Microsoft's July 2025 Patch Tuesday, indicating exploitation preceded or coincided with patch availability.

Threat Actors 61

APT 29

apt_group Information theft and espionage 🇷🇺 RU

Cobalt

apt_group Financial crime 🇷🇺 RU

APT 28

apt_group Information theft and espionage 🇷🇺 RU

Vicious Panda

apt_group Information theft and espionage 🇨🇳 CN

Evil Corp

apt_group Financial crime 🇷🇺 RU

Hacking Team

apt_group 🇮🇹 IT

SCATTERED SPIDER

apt_group Financial crime 🇺🇸 US

LAPSUS

apt_group 🇬🇧 GB

The Shadow Brokers

apt_group 🇷🇺 RU

Dropping Elephant

apt_group Information theft and espionage 🇮🇳 IN

APT3

apt_group Information theft and espionage 🇨🇳 CN

Infy

apt_group Information theft and espionage 🇮🇷 IR

Just Evil

apt_group 🇷🇺 RU

Group 27

apt_group Information theft and espionage 🇨🇳 CN

Lucky Cat

apt_group Information theft and espionage 🇨🇳 CN

HomeLand Justice

apt_group Sabotage and destruction 🇮🇷 IR

Predatory Sparrow

apt_group Sabotage and destruction 🇮🇱 IL

Pirate Panda

apt_group Information theft and espionage 🇨🇳 CN

[Unnamed group]

apt_group 🇨🇳 CN

FamousSparrow

apt_group Information theft and espionage 🇨🇳 CN

Silent Lynx

apt_group Information theft and espionage 🇰🇿 KZ

Earth Estries

apt_group Information theft and espionage 🇨🇳 CN

APT31

apt_group Information theft and espionage 🇨🇳 CN

APT 22

apt_group Information theft and espionage 🇨🇳 CN

Rocke

apt_group 🇨🇳 CN

APT 6

apt_group Information theft and espionage 🇨🇳 CN

UNC215

apt_group Information theft and espionage 🇨🇳 CN

Bitwise Spider

apt_group Financial gain 🇷🇺 RU

UNC2891

apt_group Financial gain 🇨🇳 CN

Stealth Falcon

apt_group Information theft and espionage 🇦🇪 AE

Silent Crow

apt_group 🇺🇦 UA

COOKIE SPIDER

apt_group 🇷🇺 RU

The White Company

apt_group Information theft and espionage 🇨🇳 CN

Radio Panda

apt_group Information theft and espionage 🇨🇳 CN

Test Panda

apt_group 🇨🇳 CN

Circles

apt_group Global

Operation Red Signature

apt_group Information theft and espionage 🇨🇳 CN

Operation Domino

apt_group Information theft and espionage 🇷🇺 RU

Operation Digital Eye

apt_group Information theft and espionage 🇨🇳 CN

Unnamed Actor

apt_group 🇨🇳 CN

TRAVELING SPIDER

apt_group Financial gain 🇷🇺 RU

The Big Bang

apt_group Information theft and espionage 🇵🇸 PS

Shadow Network

apt_group Information theft and espionage 🇨🇳 CN

SINGING SPIDER

apt_group 🇺🇸 US

Mana Team

apt_group 🇨🇳 CN

Impersonating Panda

apt_group 🇨🇳 CN

Liminal Panda

apt_group 🇨🇳 CN

Redfly

apt_group 🇨🇳 CN

Nazar

apt_group Information theft and espionage 🇮🇷 IR

Big Panda

apt_group 🇨🇳 CN

APT 5

apt_group Information theft and espionage 🇨🇳 CN

Cyber Alliance

apt_group 🇺🇦 UA

Predator Panda

apt_group 🇨🇳 CN

Beijing Group

apt_group Information theft and espionage 🇨🇳 CN

LightBasin

apt_group Information theft and espionage 🇨🇳 CN

Dust Storm

apt_group Information theft and espionage 🇨🇳 CN

Electric Panda

apt_group 🇨🇳 CN

Storm-0558

apt_group Information theft and espionage 🇨🇳 CN

Dark Partners

apt_group

Unit 29155

apt_group Sabotage and destruction 🇷🇺 RU

Union Panda

apt_group 🇨🇳 CN

Triage Info

Decided atMar 05, 2026

Published DateJul 08, 2025