Known Exploited Vulnerabilities CVE-2025-49704

Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. The update for CVE-2025-53770 includes more robust protections than the update for CVE-2025-49704.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49704 | Microsoft SharePoint Code Injection Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application | When chained with CVE-2025-49706, this vulnerability allows an attacker to send a malicious `__VIEWSTATE` object to the same endpoint that the POST requests were sent to. This exploits a code injection flaw and allows for code execution. |
| CVE-2025-49704 | Microsoft SharePoint Code Injection Vulnerability | primary_impact | T1059.003 | Windows Command Shell | When chained with CVE-2025-49706, this vulnerability allows an attacker to send a malicious `__VIEWSTATE` object to the same endpoint that the POST requests were sent to. This exploits a code injection flaw and allows for code execution. |