CVE-2020-1025

CVE Database · CVE-2020-1025

CVE-2020-1025

· CRITICALModified

CVSS v3.1

9.8

EPSS

5.85%

Published

Jul 14, 2020

Modified

Feb 23, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an attacker would need to modify the token. The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-20

Affected Products (6)

microsoft · lyncvulnerable

microsoft · sharepoint_enterprise_servervulnerable

microsoft · sharepoint_foundationvulnerable

microsoft · sharepoint_servervulnerable

microsoft · skype_for_businessvulnerable

References (2)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025

PatchVendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs