CVE-2025-47172: Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute…

high8.8CVSS 3.1

AVNACLPRLUINSUCHIHAH

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Affected

9 ranges

Vendor	Product	Version range	Fixed in
microsoft	microsoft_sharepoint_enterprise_server_2016	>= 16.0.0 < 16.0.5504.1001	16.0.5504.1001
microsoft	microsoft_sharepoint_server_2019	>= 16.0.0 < 16.0.10417.20018	16.0.10417.20018
microsoft	microsoft_sharepoint_server_subscription_edition	>= 16.0.0 < 16.0.18526.20396	16.0.18526.20396
microsoft	sharepoint_enterprise_server	—	—
microsoft	sharepoint_server	<= 16.0.18526.20396	—
microsoft	sharepoint_server	—	—
msrc	microsoft_sharepoint_enterprise_server_2016	—	—
msrc	microsoft_sharepoint_server_2019	—	—
msrc	microsoft_sharepoint_server_subscription_edition	—	—