CVE-2025-49706

Microsoft SharePoint Server Spoofing Vulnerability

Basic Information

CVE State
PUBLISHED
Reserved Date
June 09, 2025
Published Date
July 08, 2025
Last Updated
July 28, 2025
Vendor
Microsoft
Product
Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition
Description
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Tags
microsoft cisa

CVSS Scores

CVSS v3.1

6.5 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C

EPSS Score

Score
0.64% (Percentile: 69.52%) as of 2025-07-28

SSVC Information

Exploitation
active
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (2025-07-20 10:15:39 UTC)

Known Exploited Vulnerability Information

Source
TheHackerNews
Added Date
2025-07-20 10:15:32 UTC

Recent Mentions

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704 and CVE-2025-49706, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. To that end, Federal Civilian Executive Branch (FCEB) agencies are required to remediate identified vulnerabilities by July 23, 2025. "CISA is

Microsoft: Chinese State Hackers Target SharePoint Flaw in Stealthy Attacks

Source: CyberInsider • Published: 2025-07-22 14:30:38 UTC

Chinese state-aligned threat actors are actively exploiting critical vulnerabilities in Microsoft's on-premises SharePoint Server, targeting organizations worldwide with sophisticated attacks that enable credential-less remote code execution and persistent access. Microsoft has released patches and urges immediate action. The exploitation campaign tracked by Microsoft involves two primary vulnerabilities: CVE-2025-49706, a spoofing flaw, and CVE-2025-49704, which allows …

Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Company Servers

Source: TheHackerNews • Published: 2025-07-20 09:52:00 UTC

A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an "active, large-scale" exploitation campaign. The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), has been described as a variant of CVE-2025-49706 (CVSS score: 6.3), a spoofing bug in Microsoft SharePoint Server that was addressed by the tech giant as part of its July 2025 Patch Tuesday

ZDI-25-580: (Pwn2Own) Microsoft SharePoint ToolPane Authentication Bypass Vulnerability

Source: Zero Day Initiative Published Advisories • Published: 2025-07-08 05:00:00 UTC

This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft SharePoint. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2025-49706.

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel