Platform
sharepoint
Component
microsoft-sharepoint-enterprise-server
Fixed in
16.0.5500.1001
16.0.10417.20010
16.0.18526.20286
CVE-2025-29976 describes an improper privilege management vulnerability in Microsoft SharePoint Enterprise Server. This flaw allows an authenticated attacker to escalate their privileges locally, potentially gaining unauthorized access to sensitive data and system resources. The vulnerability impacts versions 16.0.0 through 16.0.18526.20286, and a fix is available in version 16.0.18526.20286.
Successful exploitation of CVE-2025-29976 allows an authenticated attacker to bypass security controls and gain elevated privileges within the SharePoint environment. This could enable them to access and modify sensitive data, install malicious software, or even compromise the underlying server. The impact is particularly severe in environments where SharePoint is used to manage critical business processes or store confidential information. An attacker could leverage this privilege escalation to move laterally within the network, potentially impacting other systems and data stores. The blast radius extends to any resource accessible by the SharePoint server.
CVE-2025-29976 was publicly disclosed on May 13, 2025. The vulnerability's exploitation context is currently unclear, and no public proof-of-concept (PoC) code has been released. It is not currently listed on the CISA KEV catalog. Given the nature of privilege escalation vulnerabilities, it is prudent to assume potential for exploitation and prioritize patching.
Exploit Status
EPSS
0.76% (73% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-29976 is to upgrade to Microsoft SharePoint Enterprise Server version 16.0.18526.20286 or later. If immediate patching is not feasible, consider implementing stricter access controls within SharePoint to limit the potential impact of a successful attack. Review and enforce the principle of least privilege for all SharePoint users and applications. Monitor SharePoint logs for suspicious activity, particularly privilege escalation attempts. While a direct workaround is unavailable, ensuring robust network segmentation can limit lateral movement if exploitation occurs. After upgrade, confirm successful remediation by attempting to reproduce the vulnerability with a test account and verifying that privilege escalation is prevented.
Update Microsoft SharePoint Server to the latest version provided by Microsoft to correct the privilege escalation vulnerability. Refer to the Microsoft security bulletin for detailed update instructions. Apply security updates as soon as possible to mitigate the risk.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-29976 is a vulnerability in Microsoft SharePoint Enterprise Server allowing an authenticated attacker to elevate privileges locally, potentially gaining unauthorized access.
You are affected if you are running Microsoft SharePoint Enterprise Server versions 16.0.0–16.0.18526.20286. Check your version and upgrade if necessary.
Upgrade to Microsoft SharePoint Enterprise Server version 16.0.18526.20286 or later to remediate the vulnerability.
Currently, there is no confirmed active exploitation of CVE-2025-29976, but due to the nature of privilege escalation vulnerabilities, it is prudent to prioritize patching.
Refer to the official Microsoft Security Update Guide for CVE-2025-29976: [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29976](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29976)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.