Microsoft Discloses Two SharePoint Remote Code Execution Vulnerabilities
Microsoft published security advisories for CVE-2025-49704 and CVE-2025-49701, identifying both flaws as Microsoft SharePoint Remote Code Execution vulnerabilities. The entries were added to the Microsoft Security Update Guide, indicating that SharePoint deployments are affected by vulnerabilities that could allow code execution on targeted systems.
The advisories provide formal tracking for two separate SharePoint RCE issues and signal that organizations running Microsoft SharePoint should review the associated update guidance and remediation information for both CVEs. The dual disclosure highlights concurrent risk in a widely used enterprise collaboration platform and raises the urgency for defenders to assess exposure across SharePoint environments.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
Microsoft publishes advisories for SharePoint RCE flaws CVE-2025-49701 and CVE-2025-49704
Microsoft added Security Update Guide entries for CVE-2025-49701 and CVE-2025-49704, both identified as Microsoft SharePoint Remote Code Execution vulnerabilities. The references indicate public disclosure of these vulnerabilities through Microsoft's advisory system.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
CVE-2025-49704 - Security Update Guide - Microsoft - Microsoft SharePoint Remote Code Execution Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-49701 - Security Update Guide - Microsoft - Microsoft SharePoint Remote Code Execution Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-49701 - Security Update Guide - Microsoft - Microsoft SharePoint Remote Code Execution Vulnerability
msrc.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft patched multiple Exchange and SharePoint remote code execution flaws
Microsoft disclosed and patched several **remote code execution** vulnerabilities affecting **Exchange Server** and **SharePoint Server**, including Exchange flaws tracked as `CVE-2023-21706`, `CVE-2023-28310`, and `CVE-2023-36439`, alongside SharePoint issues `CVE-2026-33110`, `CVE-2026-33112`, and `CVE-2026-40368`. The SharePoint vulnerabilities were tied to **deserialization of untrusted data** and were rated **Important**, with CVSS scores of **8.8** for `CVE-2026-33110` and `CVE-2026-33112`, and **8.0** for `CVE-2026-40368`. Microsoft said `CVE-2026-33110` could let an authenticated attacker with at least **Site Member** permissions execute code remotely on a vulnerable SharePoint Server, while `CVE-2026-33112` required at least **Site Owner** privileges to inject and run arbitrary code. For `CVE-2026-40368`, exploitation involved a client connecting to a malicious server, potentially leading to code execution on the client. Microsoft reported that the SharePoint flaws were **not publicly disclosed** and **not exploited in the wild** at publication, assessed exploitation as less likely, and released fixes, including a shared KB update for **SharePoint Server 2016** and **SharePoint Enterprise Server 2016**.
May 25, 2026Microsoft Fixes Multiple Remote Code Execution Flaws Across SharePoint, Edge, Azure, and Power Pages
Microsoft published security advisories for several remote code execution vulnerabilities affecting **SharePoint**, **Microsoft Edge (Chromium-based)**, **Azure Orbital Spatio**, **Azure Virtual Network Gateway**, and **Microsoft Power Pages**, including `CVE-2026-45659`, `CVE-2026-45495`, `CVE-2026-40412`, `CVE-2026-40411`, and `CVE-2026-23652`. The most detailed disclosures focused on SharePoint Server, where Microsoft described `CVE-2026-35439` and `CVE-2026-40357` as **deserialization of untrusted data** flaws that could let authenticated attackers execute arbitrary code over the network on vulnerable servers. Microsoft rated both SharePoint issues **Important** with **CVSS 8.8** and said exploitation requires valid access, with `CVE-2026-35439` requiring at least **Site Owner** privileges and `CVE-2026-40357` requiring **Site Member** permissions. The company said neither flaw had been publicly disclosed or exploited in the wild at publication and assessed exploitation as less likely, while providing fixes that also apply to both **SharePoint Server 2016** and **SharePoint Enterprise Server 2016**. Microsoft also disclosed `CVE-2026-40362`, an **Excel** heap-based buffer overflow that can lead to remote code execution if a user opens a malicious Office file; Microsoft said the Preview Pane is not an attack vector and that a patch is available.
May 27, 2026
Microsoft Discloses Denial-of-Service Flaws in SharePoint Server and .NET Framework
Microsoft published security advisories for two denial-of-service vulnerabilities affecting widely deployed enterprise software: **CVE-2024-43466** in **Microsoft SharePoint Server** and **CVE-2026-23666** in the **.NET Framework**. Both entries were released through the Microsoft Security Response Center's Security Update Guide, identifying the products and impact category as denial of service. The disclosures indicate that organizations running on-premises SharePoint environments or applications dependent on the .NET Framework should review Microsoft's update guidance and assess exposure across affected systems. While the advisories provided limited public technical detail, the combination of flaws highlights continued risk to core Microsoft infrastructure components that support collaboration platforms and business applications.
May 25, 2026