Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
Critical

Microsoft SharePoint Server Spoofing Vulnerability

IdentifiersCVE-2025-64672CWE-79· Improper Neutralization of Input…

CVE-2025-64672 is a high-severity Microsoft Office SharePoint vulnerability caused by improper neutralization of input during web page generation, i.e., a cross-site scripting (XSS) flaw. According to the provided content, the issue affects Microsoft Office SharePoint and allows an authorized attacker to perform spoofing over a network. The vulnerability is identified by Microsoft as a SharePoint Server spoofing vulnerability and is mapped to CWE-79. No additional technical detail about the specific vulnerable function, parameter, page, or whether the XSS is reflected, stored, or DOM-based is provided in the supplied material.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows an authenticated attacker to conduct spoofing attacks against SharePoint users over the network. Based on the supplied CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), the vulnerability may have significant impact to confidentiality, integrity, and availability, although the provided narrative specifically characterizes the outcome as spoofing. The supplied content does not provide further verified detail on post-exploitation actions beyond that attacker capability.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, reduce exposure by limiting access to SharePoint to trusted users and networks, minimizing the number of accounts with SharePoint access, and monitoring for suspicious content injection or anomalous SharePoint page behavior. Because the provided content states exploitation requires an authorized attacker, enforcing least privilege and reviewing authenticated user permissions may reduce risk. The supplied material does not include any Microsoft-published workaround or feature-specific mitigation.

Remediation

Patch, then assume compromise.

Apply Microsoft's December 2025 security update for SharePoint associated with CVE-2025-64672. The provided content references Microsoft's MSRC Update Guide entry for this CVE as the authoritative remediation source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64672. No specific affected SharePoint versions or KB numbers are included in the supplied material.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
Microsoft CorporationSharepoint Serverapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

8 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

8 SOURCESView more in app
cvefeed high severityNews
Dec 9, 2025
CVE-2025-64672 - Microsoft SharePoint Server Spoofing Vulnerability

A Microsoft SharePoint (Microsoft Office SharePoint) cross-site scripting (CWE-79) issue that enables an authorized attacker to perform spoofing over the network.

Read more
cyberscoopNews
Dec 9, 2025
Microsoft’s last Patch Tuesday of 2025 addresses 57 defects, including one zero-day

A high-severity vulnerability in Microsoft Office SharePoint with a CVSS score of 8.8.

Read more
learn microsoftNews
Dec 9, 2025
Microsoft December 2025 Security Updates / FYI - Microsoft Q&A

Specific Microsoft vulnerability affecting Microsoft Office SharePoint listed in the December 2025 Security Updates.

Read more
learn microsoftNews
Dec 9, 2025
Microsoft December 2025 Security Updates / FYI - Microsoft Q&A

A Microsoft December 2025 security update vulnerability affecting Microsoft Office SharePoint.

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity4

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2025-64672
NVD
nvd.nist.gov/vuln/detail/CVE-2025-64672
MITRE CWE · CWE-79
Improper Neutralization of Input During Web…
Vendor Advisory
msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64672