Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. The update for CVE-2025-53770 includes more robust protections than the update for CVE-2025-49704.

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2025-49704 | Microsoft SharePoint Code Injection Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application | When chained with CVE-2025-49706, this vulnerability allows an attacker to send a malicious `__VIEWSTATE` object to the same endpoint that the POST requests were sent to. This exploits a code injection flaw and allows for code execution. |
| CVE-2025-49704 | Microsoft SharePoint Code Injection Vulnerability | primary_impact | T1059.003 | Windows Command Shell | When chained with CVE-2025-49706, this vulnerability allows an attacker to send a malicious `__VIEWSTATE` object to the same endpoint that the POST requests were sent to. This exploits a code injection flaw and allows for code execution. |