
CVE-2025-53771 – Microsoft SharePoint Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2025-53771
20 Jul 2025 — Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-707: Improper Neutralization •

CVE-2025-53770 – Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2025-53770
20 Jul 2025 — Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation. Deserialization of untrusted data in on-premises Microso... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770 • CWE-502: Deserialization of Untrusted Data •

CVE-2025-49701 – Microsoft SharePoint Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49701
08 Jul 2025 — Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49701 • CWE-285: Improper Authorization •

CVE-2025-49706 – Microsoft SharePoint Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2025-49706
08 Jul 2025 — Improper authentication in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft SharePoint. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Referer HTTP header provided to the ToolPane endpoint. The application does not adequately restrict access to a protected API. An attacker can leverage this v... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49706 • CWE-287: Improper Authentication •

CVE-2025-47172 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-47172
10 Jun 2025 — Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47172 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-47166 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-47166
10 Jun 2025 — Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. • https://www.exploit-db.com/exploits/52349 • CWE-502: Deserialization of Untrusted Data •

CVE-2025-47163 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-47163
10 Jun 2025 — Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47163 • CWE-502: Deserialization of Untrusted Data •

CVE-2025-30384 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-30384
13 May 2025 — Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30384 • CWE-502: Deserialization of Untrusted Data •

CVE-2025-30382 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-30382
13 May 2025 — Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30382 • CWE-502: Deserialization of Untrusted Data •

CVE-2025-30378 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-30378
13 May 2025 — Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30378 • CWE-502: Deserialization of Untrusted Data •