CVE-2025-49704: Microsoft SharePoint Code Injection Vulnerability.

Microsoft SharePoint Code Injection Vulnerability. Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.

• CISA KEV-listed (remediation due 2025-07-23)
• used in ransomware campaigns
• EPSS 59.6% (98.3% percentile)

Detection rules

• Potential SharePoint ToolShell CVE-2025-53770 Exploitation - File Create critical
• Suspicious File Write to SharePoint Layouts Directory high

Browse the CVE database

Read the full analysis on IntelFusions