PT-2025-28601 · Microsoft · Office SharePoint

Trend Zero Day Initiative · Published 2025-07-08 · Updated 2025-07-23 · CVE-2025-49704

CVSS v2.0: 9.0 (Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

### Name of the Vulnerable Software and Affected Versions:

Microsoft SharePoint versions prior to the latest patches.

Microsoft SharePoint Server 2016

Microsoft SharePoint Server 2019

Microsoft SharePoint Server Subscription Edition (SE)

### Description:

The vulnerability is an improper control of code generation ('code injection') flaw in Microsoft Office SharePoint that allows an authorized (authenticated) attacker to execute code remotely over a network. It can be exploited as long as an attacker has an account on the platform. This issue bypasses a previously patched vulnerability (CVE-2025-49704), demonstrating attackers' ability to adapt and find new exploitation methods. Approximately 24.9K services are potentially affected annually. The vulnerability has been actively exploited in on-premises Microsoft SharePoint servers, leading to unauthorized access and data breaches. SharePoint Online is not affected. A proof-of-concept (PoC) exploit, known as ToolShell, has been shared, and a web shell, spinstall0.aspx, is associated with the exploitation.

### Recommendations:

Install the latest patches for Microsoft SharePoint Server 2016.

Install the latest patches for Microsoft SharePoint Server 2019.

Install the latest patches for Microsoft SharePoint Server Subscription Edition (SE).

Fix · RCE · Code Injection

Weakness Enumeration

### Related Identifiers:

BDU:2025-08436
CVE-2025-49704
ZDI-25-581

### Affected Products:

Office SharePoint
SharePoint Server