{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-64672", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2025-11-06T23:40:37.277Z", "datePublished": "2025-12-09T17:56:06.979Z", "dateUpdated": "2026-04-16T14:18:59.703Z"}, "containers": {"cna": {"title": "Microsoft SharePoint Server Spoofing Vulnerability", "datePublic": "2025-12-09T08:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.19127.20378"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft SharePoint Server Subscription Edition", "platforms": ["x64-based Systems"], "versions": [{"version": "16.0.0", "lessThan": "16.0.19127.20378", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en-US", "type": "CWE", "cweId": "CWE-79"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-16T14:18:59.703Z"}, "references": [{"name": "Microsoft SharePoint Server Spoofing Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64672"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-64672", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-10T04:56:31.150709Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T16:21:09.340Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-64672", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-10T04:56:31.150709Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-07T17:01:55.924Z"}}], "cna": {"title": "Microsoft SharePoint Server Spoofing Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft SharePoint Server Subscription Edition", "versions": [{"status": "affected", "version": "16.0.0", "lessThan": "16.0.19127.20378", "versionType": "custom"}], "platforms": ["x64-based Systems"]}], "datePublic": "2025-12-09T08:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64672", "name": "Microsoft SharePoint Server Spoofing Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", "vulnerable": true, "versionEndExcluding": "16.0.19127.20378", "versionStartIncluding": "16.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-02-20T15:59:38.190Z"}}}, "cveMetadata": {"cveId": "CVE-2025-64672", "state": "PUBLISHED", "dateUpdated": "2026-02-26T16:21:09.340Z", "dateReserved": "2025-11-06T23:40:37.277Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2025-12-09T17:56:06.979Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", "matchCriteriaId": "C8DF754B-3BDF-4877-92CE-4B0FC9689C6D", "versionEndExcluding": "16.0.19127.20378", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network."}], "id": "CVE-2025-64672", "lastModified": "2025-12-12T13:47:01.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-12-09T18:16:06.580", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64672"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T15:41:27.539613+00:00", "value": {"mitigation_remediation": ["Apply the latest Microsoft security update for SharePoint Server Subscription Edition that addresses the XSS flaw.", "Configure the SharePoint web application to implement strict input sanitization and enable built\u2011in XSS protection mechanisms.", "Restrict user permissions to the minimum required level and audit account privileges to limit the number of authorized users who could exploit this vulnerability.", "Deploy a web application firewall or similar controls to detect and block malicious script injection attempts on SharePoint pages."], "summary": {"action": "Patch Now", "impact": "Cross-site scripting permitting spoofing impersonation"}, "threat_synthesis": {"affected_systems": "The vulnerability exists in Microsoft SharePoint Server Subscription Edition. No specific version numbers are provided, so all current releases of that product should be evaluated for the presence of the flaw.", "description_and_impact": "This flaw is a cross\u2011site scripting vulnerability (CWE\u201179) that allows an attacker who is already authorized to influence the content of web pages generated by Microsoft SharePoint. By injecting malicious script, the attacker can make the application display forged information, effectively causing users to believe that the content or interactions originate from a trusted source within the organization.", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high\u2011severity flaw, while the EPSS score of less than 1% suggests that exploitation is unlikely to be widespread. The vulnerability is not listed in the CISA KEV catalog. Because the flaw requires an attacker to be authenticated or otherwise authorized within the network, the expected attack vector is internal or privileged. Without a publicly available exploit, the risk remains largely theoretical but could be significant if the attacker succeeds."}}}}, "created": "2026-04-20T15:45:10.383363+00:00", "updated": "2026-04-20T15:45:10.383375+00:00", "vendors": []}