6 matches found
CVE-2025-53770
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network.Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild.Microsoft is preparing and fully testing a comprehensive update to address this vulner...
CVE-2025-49704
Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-49706
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-53771
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-49701
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-49703
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.