Microsoft SharePoint Server Privilege Escalation Vulnerability via Server-Side Request Forgery

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in Microsoft Office SharePoint. This vulnerability allows an authorized attacker to elevate privileges over a network. It affects multiple SharePoint products, including SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain the rights of the compromised user.

Remediation

Users can apply the security update corresponding to their SharePoint version. For SharePoint Server Subscription Edition, the update is available as KB5002773. SharePoint Server 2019 users should install KB5002769, and those using SharePoint Enterprise Server 2016 can apply KB5002771.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 0.6
exploitability: 4.9
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.