CVE-2025-49706 - Microsoft SharePoint Improper Authentication Vulnerability

Project: Microsoft

Product: SharePoint

Date Added: 2025-07-22

Due Date: 2025-07-23

Vulnerability Name

Microsoft SharePoint Improper Authentication Vulnerability

Description

Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successful exploitation could allow an attacker to view sensitive information and make some changes to disclosed information. This vulnerability could be chained with CVE-2025-49704. The update for CVE-2025-53771 includes more robust protections than the update for CVE-2025-49706.

Known To Be Used in Ransomware Campaigns?

Known

Action

CISA recommends disconnecting public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS). For example, SharePoint Server 2013 and earlier versions are end-of-life and should be discontinued if still in use. For supported versions, please follow the mitigations according to CISA and vendor instructions. Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Additional Notes

CISA Mitigation Instructions: https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770

https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49706

https://nvd.nist.gov/vuln/detail/CVE-2025-49706

Related News Articles

Microsoft: SharePoint flaws exploited in Warlock ransomware attacks (July 24, 2025)

Microsoft links Sharepoint ToolShell attacks to Chinese hackers (July 22, 2025)

Microsoft pins on-prem SharePoint attacks on Chinese threat actors (July 22, 2025)

Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks (July 21, 2025)

Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Company Servers (July 20, 2025)