CVE-2025-29976
Improper Privilege Management in SharePoint Enables Local Escalation

Publication date: 2025-05-13

Last updated on: 2025-06-23

Assigner: [email protected]

Description
Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Affected Vendors & Products
Vendor Product Version
microsoft office_sharepoint *
microsoft windows_10_1809 to 10.0.17763.4252 (inc)
microsoft windows_10_1507 to 10.0.10240.19869 (inc)
microsoft windows_10_1607 to 10.0.14393.5850 (inc)
microsoft windows_server_2008 *
microsoft windows_server_2012 *
microsoft windows_10_21h2 to 10.0.19044.2846 (inc)
microsoft windows_server_2016 to 10.0.14393.5989 (inc)
microsoft windows_server_2019 to 10.0.17763.4499 (inc)
microsoft windows_server_2022_23h2 to 10.0.20348.1787 (inc)
microsoft windows_server_2025 From 10.0.26100.3403 (exc) to 10.0.26100.3476 (inc)
microsoft windows_10_22h2 to 10.0.19045.2846 (inc)
microsoft windows_11_22h2 to 10.0.22621.1555 (inc)
microsoft windows_11_23h2 to 10.0.22631.5039 (inc)
microsoft windows_11_24h2 From 10.0.26100.3403 (exc) to 10.0.26100.3476 (inc)
microsoft sharepoint_server *
microsoft sharepoint_server *
microsoft sharepoint_server to 16.0.18526.20286 (inc)
microsoft windows_server_2008 *
microsoft windows_server_2012 *
microsoft windows_server_2022 to 10.0.20348.1787 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 Improper Privilege Management
AI Powered Q&A
Can you explain this vulnerability to me?


How can this vulnerability impact me? :


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
Meta Information
CVE Publication Date:
2025-05-13
CVE Last Modified Date:
2025-06-23
Report Generation Date:
2025-07-24
AI Powered Q&A Generation:
2025-05-13
EPSS Last Evaluated Date:
2025-07-02
NVD Report Link: