[Vulnerability Alert] Two Significant Security Vulnerabilities in Microsoft SharePoint Server

• Subject: [Vulnerability Alert] Two Significant Security Vulnerabilities in Microsoft SharePoint Server

• Content:
  • Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202507-00000014
  • Microsoft SharePoint Server is an enterprise-grade collaboration platform that provides document management and team collaboration features, making it a core platform for enterprise information integration.
  • [CVE-2025-49704, CVSS: 8.8] This is a code injection vulnerability that allows an authenticated attacker to execute arbitrary code remotely.
  • [CVE-2025-53770, CVSS: 9.8] This is an untrusted data deserialization vulnerability that allows an unauthenticated attacker to execute arbitrary code.
  • In addition, according to current intelligence, CVE-2025-49704, CVE-2025-49706, and CVE-2025-53770 in Microsoft SharePoint have been exploited by hackers. Please complete the update as soon as possible and check for any abnormal access.
• Affected Platforms:
  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Server 2019
  • Microsoft SharePoint Server Subscription Edition
• Recommended Action:
  • Apply patches according to the solutions released on the official website:
  • [CVE-2025-49704] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704
  • [CVE-2025-53770] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770
• References:
  • https://www.twcert.org.tw/tw/cp-169-10277-e0fc0-1.html

Computer and Communications Center
Network Systems Group