Below are the security fixes for the SharePoint OnPrem versions released this month.
SharePoint Server 2016:
- KB 5002744 – SharePoint Server 2016 (language independent)
- KB 5002743 – SharePoint Server 2016 (language dependent)
Microsoft Support recommends to install the complete July 2025 CU for SharePoint 2016 rather than individual security fixes.
SharePoint Server 2019:
- KB 5002741 – SharePoint Server 2019 (language independent)
- KB 5002739 – SharePoint Server 2019 (language dependent)
Microsoft Support recommends to install the complete July 2025 CU for SharePoint 2019 rather than individual security fixes.
SharePoint Server Subscription Edition:
- KB 5002751 – SharePoint Server Subscription Edition
This security fix is identical with July 2025 CU for SharePoint Server Subscription Edition.
Office Online Server:
- KB 5002740 – Office Online Server
More information:
Please ensure to have a look at the SharePoint Patching Best Practices before applying new fixes.
Security Vulnerabilities fixed in this PU
| Vulnerability | SP 2016 | SP 2019 | SP SE | OOS | Impact | Max Severity |
|---|---|---|---|---|---|---|
| CVE-2025-48812 | x | Information Disclosure | Important | |||
| CVE-2025-49697 | x | Remote Code Execution | Critical | |||
| CVE-2025-49701 | x | x | x | Remote Code Execution | Important | |
| CVE-2025-49703 | x | x | Remote Code Execution | Critical | ||
| CVE-2025-49704 | x | x | Remote Code Execution | Critical | ||
| CVE-2025-49706 | x | x | x | Spoofing | Important | |
| CVE-2025-49711 | x | Remote Code Execution | Important |
See the Security Update Guide below for more details about the relevant fixes:
Permalink
There’s a new patch for a critical security issue: https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
Permalink
Yes indeed.
Guidance has been published. Link in this blog post:
https://blog.stefan-gossner.com/2025/07/21/important-active-attacks-targeting-on-premises-sharepoint-server-customers/
Permalink
Hi Stefan,
https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
Whether the KB5002768 – https://www.microsoft.com/en-us/download/details.aspx?id=108285 – fix contains July 2025 CU package as well. We are doing patching on Half yearly basis. Dec2024 CU we installed it in our environment and planning to install the latest CU patch but in the mean while we got the above update hence asking.
Permalink
Hi Prabhu,
Yes – KB 5002768 includes July CU as well.
Cheers,
Stefan
Permalink
Thanks Stefan
Permalink
Hi Stefan,
After July 2025 CU/security patch fix, has anyone been reporting issue with left navigation missing on modern pages? Or are you able to reproduce this issue? It does not reproduce for Site Admin/Farm accounts, only end users impacted. Can’t identify any permissions issue, or lack of permissions to hidden lists issue just yet. Issue started right after the patching completed. Any ideas?
Permalink
Hi Jared,
please check if side-by-side patching is enabled and disable it if yes.
That solved the issue for one customer.
Cheers,
Stefan
Permalink
Ahh, looks like need to install this as well.
https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-sharepoint-server-2019-language-pack-july-21-2025-kb5002753-d9b60b8a-577e-43ad-9469-416c0f3fd913
Permalink
Yes. You need both.
Permalink
Adding to my previous comment, I think the fix is we need to install the language pack update to resolve the issue with left nav not loading on modern pages. This is supposed to be installed alongside https://support.microsoft.com/en-gb/topic/description-of-the-security-update-for-sharepoint-server-2019-july-21-2025-kb5002754-f5b23cd0-6d1c-49f5-851e-7868b7ddb6a1
https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-sharepoint-server-2019-language-pack-july-21-2025-kb5002753-d9b60b8a-577e-43ad-9469-416c0f3fd913
Permalink
For most customers it resolved it using this.
But for some there was still a problem due to inconsistencies between the side-by-side directory content and the root.
Disabling side-by-side resolved it.
Cheers,
Stefan
Permalink
What is the best way to disable side-by-side?
Permalink
Hi Matt,
Have you performed all the remediation steps such as rotating the ASP.NET machine keys and IIS restart on all SharePoint servers?
Permalink
i have used PS:
Add-PSSnapin Microsoft.SharePoint.PowerShell
$webapp = Get-SPWebApplication “https://your-webapp-url”
$webapp.WebService.EnableSideBySide = $false
$webapp.WebService.Update()
but this has not worked
Permalink
Hi anybody has some workaroung for issue with left navigation missing on modern pages?
EnableSideBySide scirpt not working, CUs kb5002754/kb5002753 not working, Tjhanks
Permalink
Hi Michal,
if the steps above did not help I would recommend to open a support case with Microsoft.
Cheers,
Stefan
Permalink
Yes, you need to install the latest language pack, that is what fixed it for us
Permalink
Does this vulnerability impact SharePoint 2010 and 2013 farms?
Permalink
We don’t have guidance for these versions as they are unsupported since several years.
Permalink
Hi Stefan, is anyone facing any issue with Workflow(Complex or multilevel mostly) after July 2025 CU Update?
We are facing issue with InfoPath and replacing a existing file in SharePoint.
Permalink
Hi Abhay, which CU was installed before?
Permalink
Recently we have update the July 2025 CU(KB5002754/53), however we have not updated the language pack with it. Can this be a reason for workflow issue and also issue with replacing the existing doc with new?
Permalink
Hi Abhay, not installing the language pack fix can cause all type of UI issues (missing navigation, error messages on screen where text is expected,…) but not functional issues as you describe.
Cheers,
Stefan