CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Analysis
SQL injection in Microsoft Office SharePoint that lets an authenticated attacker execute code on the server over the network, with no user interaction required. The precondition is an authorized account that can reach an input path whose contents SharePoint passes into SQL without neutralizing special characters. The CVSS 3.1 base score is 8.8 (High): network vector, low attack complexity, low privileges, no user interaction, and High impact to confidentiality, integrity and availability within an unchanged scope. Because SharePoint is a central document and collaboration store, compromise of a farm's content databases is a serious outcome, and the low-privilege requirement means any malicious or compromised ordinary user account meets the precondition.
Technical Context
The weakness is CWE-89 (Improper Neutralization of Special Elements used in an SQL Command): user-controlled input becomes part of a SQL statement's text instead of being bound as a parameter, so characters such as a single quote change the structure of the query rather than being treated as data. Microsoft's description does not name the affected component, so what follows is inference: candidate paths in SharePoint are any server-side feature that turns user-supplied values into database queries, such as search, list filters and view parameters, workflow conditions, or administrative pages. Whether SharePoint Online was ever exposed is likewise not stated in the description and should be checked against Microsoft's advisory rather than assumed. In CVSS terms the attack is network-based (AV:N) with low complexity (AC:L) and requires only low privileges (PR:L), that is, a basic authenticated user such as a site contributor; in an enterprise deployment that covers essentially every employee account, and therefore any phished or otherwise compromised one.
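The following is an added illustration of the CWE-89 pattern described above; it is not SharePoint's code and does not reproduce the actual vulnerable path, which Microsoft has not published. It uses an in-memory SQLite table with constructed rows and an "owner filter" scenario (table, column names and payload are all assumptions) to show why concatenating input into SQL lets an authenticated user read rows belonging to other users, and why the parameterized form does not.

```python
"""Added example (not SharePoint's code): the CWE-89 pattern behind this class
of bug, shown against an in-memory SQLite table. The table, column names,
sample rows and the 'list filter' scenario are constructed for illustration."""
import sqlite3

ROWS = [  # constructed sample data: (item id, owner, title)
    (1, "alice", "Q3 budget"),
    (2, "bob", "Vendor contracts"),
    (3, "alice", "Hiring plan"),
]


def make_db():
    """Build the constructed items table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER, owner TEXT, title TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?, ?)", ROWS)
    return conn


def vulnerable_filter(conn, owner):
    """Concatenates user input straight into the statement text.

    The input is parsed as SQL, so a quote inside it closes the literal and
    the rest of the string becomes part of the WHERE clause. An authenticated
    user who should only see their own items can make the filter match all.
    """
    sql = "SELECT id, title FROM items WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()


def safe_filter(conn, owner):
    """Parameterized form: the driver binds the value separately from the
    statement, so it can never become part of the query's grammar."""
    sql = "SELECT id, title FROM items WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()


PAYLOAD = "x' OR '1'='1"  # constructed injection string, a classic tautology


if __name__ == "__main__":
    db = make_db()
    # Vulnerable: the owner check is bypassed and every row comes back.
    print(vulnerable_filter(db, PAYLOAD))
    # Safe: no owner is literally the string "x' OR '1'='1", so nothing matches.
    print(safe_filter(db, PAYLOAD))
```

The point to carry over to SharePoint is the precondition, not the payload: PR:L means the attacker already has an account that legitimately reaches the filter, and the flaw turns that limited access into arbitrary statements run under the farm's database identity.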
Affected Products
Microsoft Office SharePoint Server; which on-premises versions received fixes (SharePoint 2019 and 2016 are the candidates named here, and possibly earlier releases) must be taken from Microsoft's advisory for CVE-2025-47172 rather than inferred. SharePoint Online is serviced by Microsoft and has no customer-installable update, so any exposure there is Microsoft's to remediate. Because the weakness is not tied to a single feature, assume the affected code may be reachable from more than one module until the advisory says otherwise. Definitive affected versions, KB numbers and build numbers are in the Microsoft Security Update Guide (portal.msrc.microsoft.com) entry for this CVE. CPE matching uses variants of 'cpe:2.3:a:microsoft:sharepoint_server:*'; the version components must be filled in from Microsoft's documentation.
Remediation
Immediate actions:
(1) Apply Microsoft's security update for CVE-2025-47172. The Microsoft Security Update Guide and MSRC advisory list the KB article and build number for each SharePoint version; after installing, confirm the farm reports the patched build before closing the ticket.
(2) If a patch cannot be applied yet, shrink the exposed population: limit which accounts can authenticate to the farm (the vulnerability needs only a low-privileged user) and review IIS request logs and SQL Server logs for injection attempts.
(3) Put SQL-injection rules in front of SharePoint on a Web Application Firewall. Treat this as a compensating control, not a fix: rules keyed on literal patterns are defeated by URL or double encoding and case changes, so the WAF must normalize requests before matching.
(4) For custom SharePoint solutions, use parameterized queries and prepared statements everywhere. This does not close the Microsoft bug, but it removes the same class of flaw from code you own.
(5) Apply least privilege to SharePoint service accounts and their SQL Server logins so that a successful injection cannot escalate beyond the content databases.
(6) Enable SQL Server Audit on the SharePoint databases to detect exploitation attempts and to support forensics afterwards.
SharePoint Online: Microsoft patches the service itself; there is no customer-installable update.
Long-term: review custom SharePoint code for the same injection pattern and add SQL-injection cases to release testing.
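As an added example for steps (2) and (3) above (not from the page and not a Microsoft or vendor tool), the script below does a first-pass triage scan of IIS W3C logs from a SharePoint front end for requests that look like SQL injection. The log excerpt is constructed: the field layout follows the IIS default, the parameter names mirror SharePoint list-view filters, and the usernames, addresses and payloads are invented. The patterns are a starting point for hunting, not a WAF ruleset, and the normalisation step is there to show why a WAF that matches raw, undecoded strings misses the double-encoded request.

```python
"""Added example (not from the page or from any Microsoft tooling): triage scan
of IIS W3C logs for SQL-injection-looking requests against SharePoint. Log
lines, field layout and patterns are constructed for illustration."""
import re
from urllib.parse import unquote_plus

# Constructed IIS W3C extended log excerpt. Field names follow the IIS default
# layout; every value is invented.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2025-06-11 09:14:02 GET /sites/finance/_layouts/15/start.aspx - CONTOSO\\alice 10.1.2.3 200
2025-06-11 09:14:09 GET /sites/finance/Lists/Budget/AllItems.aspx FilterField1=Owner&FilterValue1=alice CONTOSO\\alice 10.1.2.3 200
2025-06-11 09:15:44 GET /sites/finance/Lists/Budget/AllItems.aspx FilterField1=Owner&FilterValue1=x%27+OR+%271%27%3D%271 CONTOSO\\mallory 10.9.8.7 200
2025-06-11 09:16:01 GET /sites/finance/Lists/Budget/AllItems.aspx FilterValue1=x%2527%2520UNION%2520SELECT%2520name%2520FROM%2520sys.tables%2520-- CONTOSO\\mallory 10.9.8.7 500
2025-06-11 09:16:30 POST /sites/finance/_api/web/lists - CONTOSO\\bob 10.1.2.4 201
"""

# Patterns applied to a normalised (decoded, lower-cased, space-collapsed) query.
SQLI_PATTERNS = [
    ("quote-or-tautology", re.compile(r"'\s*or\s+'?\w+'?\s*=\s*'?\w+")),
    ("union-select", re.compile(r"\bunion\s+(all\s+)?select\b")),
    ("comment-terminator", re.compile(r"(--|/\*)")),
    ("stacked-statement", re.compile(r";\s*(exec|select|insert|update|delete|drop)\b")),
    ("mssql-dangerous-proc", re.compile(r"\b(xp_cmdshell|sp_oacreate|waitfor\s+delay)\b")),
]


def normalise(raw):
    """Decode twice so double-encoding (%2527 -> %27 -> ') is unwrapped, then
    lower-case and collapse whitespace so spacing tricks do not defeat the
    patterns. A WAF that skips this step never sees the decoded payload."""
    s = unquote_plus(unquote_plus(raw))
    return re.sub(r"\s+", " ", s).lower()


def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        yield dict(zip(fields, line.split()))


def scan(text):
    """Return (user, client ip, uri, pattern name) for each suspicious request."""
    hits = []
    for rec in parse_w3c(text):
        query = rec.get("cs-uri-query", "-")
        if query == "-":  # IIS writes '-' when there is no query string
            continue
        norm = normalise(query)
        for name, pat in SQLI_PATTERNS:
            if pat.search(norm):
                hits.append((rec["cs-username"], rec["c-ip"], rec["cs-uri-stem"], name))
                break  # one finding per request is enough for triage
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Two of the five constructed requests are flagged, both from the same authenticated account: the plain tautology and the double-encoded UNION probe that would pass an undecoded string match. Expect false positives on real traffic, since `--` and quotes occur in legitimate SharePoint field values; pivot on the account and client address rather than on a single line, and correlate with SQL Server Audit records from step (6).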
EUVD-2025-17727