Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description (CVE.org)
Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Analysis (AI)
CVE-2025-47172 is a SQL injection vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arbitrary code remotely without user interaction. It affects SharePoint deployments where an authorized user can craft malicious SQL commands through improperly neutralized input fields. This is a high-severity issue (CVSS 8.8) with significant confidentiality, integrity, and availability impact, which is particularly concerning given SharePoint's role as a critical enterprise collaboration platform.
Technical Context (AI)
This vulnerability stems from CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), a classic SQL injection flaw where user-controlled input is concatenated directly into SQL queries without proper parameterization or escaping. In Microsoft SharePoint's context, this likely occurs in database interaction layers where SharePoint processes user input through search queries, list filters, workflow conditions, or administrative functions. The vulnerability affects SharePoint's core database communication mechanisms, potentially impacting multiple feature areas. Affected CPE scope includes Microsoft SharePoint Server and SharePoint Online deployments, though the exact versions require reference to Microsoft's official security advisories. The attack vector is network-based (AV:N) with low attack complexity (AC:L), meaning an authenticated user (PR:L) can exploit this without requiring special conditions or timing.
Remediation (AI)
Immediate actions:
(1) Apply security patches released by Microsoft for CVE-2025-47172; check Microsoft Security Update Guide and MSRC advisories for KB articles and patch links corresponding to your SharePoint version.
(2) If patches are unavailable, restrict SharePoint access to trusted users only and monitor database query logs for SQL injection attempts.
(3) Implement Web Application Firewall (WAF) rules to detect and block common SQL injection patterns in SharePoint requests.
(4) Use parameterized queries and prepared statements (ensure all SharePoint custom code uses these patterns).
(5) Apply principle of least privilege to SharePoint service accounts and database access.
(6) Enable SQL Server query auditing to detect exploitation attempts.
For cloud-based SharePoint Online customers, Microsoft typically applies patches automatically; verify current patch status via tenant admin.
Long-term: conduct code review of custom SharePoint solutions to identify similar injection flaws.
EUVD-2025-17727