CVE-2025-47172 is a critical vulnerability in Microsoft SharePoint Server that allows authorized attackers to execute arbitrary code over a network due to improper neutralization of special elements used in SQL commands, commonly known as SQL injection. This vulnerability affects multiple versions of SharePoint Server, including SharePoint Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition.
Affected Versions:
- SharePoint Server 2016
- SharePoint Server 2019
- SharePoint Server Subscription Edition
Microsoft has released security updates to address this vulnerability. It is crucial to apply these updates promptly to protect your systems. The specific updates for each affected version are as follows:
- SharePoint Server 2016:
- Security Update KB5002692 (April 8, 2025)
- This update resolves multiple remote code execution vulnerabilities. (support.microsoft.com)
- SharePoint Server 2019:
- Security Update KB5002678 (February 11, 2025)
- This update addresses remote code execution vulnerabilities. (support.microsoft.com)
- SharePoint Server Subscription Edition:
- Security Update KB5002705 (April 8, 2025)
- This update fixes remote code execution vulnerabilities. (support.microsoft.com)
- Immediate Action: Apply the relevant security updates to your SharePoint Server installations without delay.
- Review and Monitor: Regularly review your systems for any signs of compromise and monitor official Microsoft communications for any additional guidance or updates.
- Security Best Practices: Implement security best practices, such as least privilege access, regular system audits, and user training to mitigate potential risks.
By taking these steps, you can help ensure the security and integrity of your SharePoint Server environments.
Source: MSRC Security Update Guide - Microsoft Security Response Center