CVE-2014-0251

Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web Apps Server 2013 Gold and SP1; SharePoint Server 2013 Client Components SDK; and SharePoint Designer 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerability."

Published: 2014-05-14 Last update: 2026-05-06 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2014-0251 is rated High Risk (70.4/100): CVSS Critical severity, with high exploitation likelihood (EPSS 14.20%, 96th percentile). EPSS ranks this CVE among the most likely to be exploited in the near term. High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2014-0251

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-17 13.41% 14.20% +0.79%
2 2026-06-15 19.65% 13.41% -6.24%
3 2025-12-28 19.65%

Full EPSS history (23 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2014-0251

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
9.0 2.0 HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:S)
A single authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 8.0 10.0 [email protected]

Weakness enumeration for CVE-2014-0251

Affected software / configurations for CVE-2014-0251

Vendor Product Version Raw CPE
microsoft office_web_apps_server 2013 cpe:2.3:a:microsoft:office_web_apps_server:2013:*:*:*:*:*:*:*
microsoft office_web_apps_server 2013 cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*
microsoft project_server 2010 cpe:2.3:a:microsoft:project_server:2010:sp1:*:*:*:*:*:*
microsoft project_server 2010 cpe:2.3:a:microsoft:project_server:2010:sp2:*:*:*:*:*:*
microsoft project_server 2013 cpe:2.3:a:microsoft:project_server:2013:*:*:*:*:*:*:*
microsoft project_server 2013 cpe:2.3:a:microsoft:project_server:2013:sp1:*:*:*:*:*:*
microsoft sharepoint_designer 2007 cpe:2.3:a:microsoft:sharepoint_designer:2007:sp3:*:*:*:*:*:*
microsoft sharepoint_designer 2010 cpe:2.3:a:microsoft:sharepoint_designer:2010:sp1:*:*:*:*:*:*
microsoft sharepoint_designer 2010 cpe:2.3:a:microsoft:sharepoint_designer:2010:sp2:*:*:*:*:*:*
microsoft sharepoint_designer 2013 cpe:2.3:a:microsoft:sharepoint_designer:2013:*:*:*:*:*:*:*
microsoft sharepoint_designer 2013 cpe:2.3:a:microsoft:sharepoint_designer:2013:sp1:*:*:*:*:*:*
microsoft sharepoint_foundation 2010 cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*
microsoft sharepoint_foundation 2010 cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*
microsoft sharepoint_foundation 2013 cpe:2.3:a:microsoft:sharepoint_foundation:2013:*:*:*:*:*:*:*
microsoft sharepoint_foundation 2013 cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*
microsoft sharepoint_server 2007 cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*
microsoft sharepoint_server 2010 cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*
microsoft sharepoint_server 2010 cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*
microsoft sharepoint_server 2013 cpe:2.3:a:microsoft:sharepoint_server:2013:*:*:*:*:*:*:*
microsoft sharepoint_server 2013 cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*
microsoft sharepoint_server_client_components_sdk 2013 cpe:2.3:a:microsoft:sharepoint_server_client_components_sdk:2013:*:*:*:*:*:*:*
microsoft sharepoint_services 3.0 cpe:2.3:a:microsoft:sharepoint_services:3.0:sp3:*:*:*:*:*:*
microsoft web_applications 2010 cpe:2.3:a:microsoft:web_applications:2010:sp1:*:*:*:*:*:*
microsoft web_applications 2010 cpe:2.3:a:microsoft:web_applications:2010:sp2:*:*:*:*:*:*

References for CVE-2014-0251

cvelogic Threat Intelligence