CVE-2025-49712

CWE-502Deserialization of Untrusted Data4 documents4 sources
Severity
8.8HIGH
EPSS
5.6%
top 9.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft Microsoft Sharepoint Enterprise Server 2016Microsoft Microsoft Sharepoint Server 2019Microsoft Sharepoint Server
Timeline
PublishedAug 12

Description

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5microsoft/microsoft_sharepoint_server_201916.0.016.0.10417.20041
CVEListV5microsoft/microsoft_sharepoint_enterprise_server_201616.0.016.0.5513.1002
NVDmicrosoft/sharepoint_server2016, 2019+1

🔴Vulnerability Details

2
CVEList
Microsoft SharePoint Remote Code Execution Vulnerability2025-08-12
GHSA
GHSA-mcww-299h-4wf7: Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network2025-08-12

📋Vendor Advisories

1
Microsoft
Microsoft SharePoint Remote Code Execution Vulnerability2025-08-12
CVE-2025-49712 (HIGH CVSS 8.8) | Deserialization of untrusted data i | cvebase.io