Microsoft releases detailed patch guidance for every SharePoint server remote vulnerability


Earlier today, Microsoft published preliminary details regarding the SharePoint vulnerability that is being actively exploited by threat actors. Tracked under CVE-2025-53770, the flaw allows attackers and unauthorized entities to remotely execute arbitrary code on on-premises SharePoint servers without any authentication.

Microsoft’s Defender Vulnerability Management team reiterated that it is aware of the widespread problem and has issued detailed guidance on the flaws, their nature, severity and patch status. This guidance applies to CVE‑2025‑49704 and CVE‑2025‑49706, which have already been patched, as well as CVE‑2025‑53770 and CVE‑2025‑53771, which are receiving patches now:

| CVE | Type | CVSS v3.1 | Patch status |
|---|---|---|---|
| CVE‑2025‑49704 | Improper control of code generation → authenticated RCE | 8.8 (High) | Fixed in the 8 July 2025 security updates: Subscription Edition KB 5002768, SharePoint Server 2019 KB 5002741, SharePoint Server 2016 KB 5002744. Microsoft Support |
| CVE‑2025‑49706 | Improper authentication / spoofing | 6.3 (Medium) | Fixed in the same 8 July 2025 updates (KB 5002768 / 5002741 / 5002744). Microsoft Support |
| CVE‑2025‑53770 | Deserialization of untrusted data → unauthenticated RCE | 9.8 (Critical) | Emergency patch released for Subscription Edition KB 5002768 and SharePoint 2019 KB 5002754; patch for SharePoint 2016 is still pending. Microsoft Security Response Center |
| CVE‑2025‑53771 | Path traversal / spoofing | 6.3 (Medium) | Addressed by the same emergency updates as CVE‑2025‑53770 (SE KB 5002768, 2019 KB 5002754); SharePoint 2016 fix forthcoming. Microsoft Security Response Center |

Next, the company has also published a table simplifying the affected SharePoint Server versions across the four vulnerabilities:

| Product | CVE‑2025‑49704 | CVE‑2025‑49706 | CVE‑2025‑53770 | CVE‑2025‑53771 |
|---|---|---|---|---|
| SharePoint Server Subscription Edition | ✅ Affected | ✅ Affected | ✅ Affected | ✅ Affected |
| SharePoint Server 2019 | ✅ Affected | ✅ Affected | ✅ Affected | ✅ Affected |
| SharePoint Server 2016 | ✅ Affected | ✅ Affected | ✅ Affected | ✅ Affected |
| SharePoint Online | ❌ Not affected | ❌ Not affected | ❌ Not affected | ❌ Not affected |

You can find more details here in the official blog post on Microsoft’s Tech Community website.

roosho Senior Engineer (Technical Services)
I am Rakib Raihan RooSho, Jack of all IT Trades. You got it right. Good for nothing. I try a lot of things and fail more than that. That's how I learn. Whenever I succeed, I note that in my cookbook. Eventually, that became my blog. 
