Security
Headlines
HeadlinesLatestCVEs

Tag

#Microsoft Office SharePoint

CVE-2025-47172: Microsoft SharePoint Server Remote Code Execution Vulnerability

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Security Response Center
#sql#vulnerability#microsoft#rce#auth#Microsoft Office SharePoint#Security Vulnerability
CVE-2025-21400: Microsoft SharePoint Server Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?** This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.