PT-2025-28601 · Microsoft · SharePoint Server

Trend Zero Day Initiative · Published 2025-07-08 · Updated 2025-09-12 · CVE-2025-49704

CVSS v2.0: 9.0

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

**Name of the Vulnerable Software and Affected Versions:**

Microsoft SharePoint versions prior to the July 2025 patchday

Microsoft SharePoint Server 2016

Microsoft SharePoint Server 2019

Microsoft SharePoint Server Subscription Edition (SE)

Microsoft Office SharePoint (affected versions not specified)

**Description:**

A code injection vulnerability exists in Microsoft SharePoint, allowing an authenticated attacker to execute arbitrary code over a network. This vulnerability is related to improper control of code generation and deserialization of untrusted data. The vulnerability has been actively exploited by multiple actors, including those attributed to Chinese state-sponsored groups, resulting in breaches of US federal agencies. Approximately 24.9k services are found to be affected yearly. The initial patch released by Microsoft for CVE-2025-49704 was ineffective, and attackers were able to bypass it. The vulnerability allows for remote code execution and potential deployment of web shells. Exploitation can lead to unauthorized access and data breaches.

**Recommendations:**

For Microsoft SharePoint Server 2016, install the latest patches.

For Microsoft SharePoint Server 2019, install the latest patches.

For Microsoft SharePoint Server Subscription Edition (SE), install the latest patches.

For all affected versions, apply the July 2025 security updates.

For systems where the initial patch was applied, ensure configuration upgrades are manually run to fully address the vulnerability.

Fix · RCE · Code Injection

**Related Identifiers:**

BDU:2025-08436

CVE-2025-49704

ZDI-25-581

**Affected Products:**

SharePoint Server