What is it?

A bug in Microsoft Office SharePoint Service (2016, 2019 and Subscription) allows an authorized attacker to execute code over a network.

Why is it a risk?

Although authorized users are generally more trusted than the population at large, they should not be allowed to execute arbitrary code on your server.

https://cve.org rates the severity of this risk as “High.”

How can you mitigate the risk?

Follow the directions provided in the Microsoft link below.

Resources:

Microsoft – Customer guidance for SharePoint vulnerability CVE-2025-49701

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49701
