FKIE_CVE-2025-49706
Vulnerability from fkie_nvd - Published: 2025-07-08 17:15 - Updated: 2025-10-27 17:12
Summary
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 |
| microsoft | sharepoint_server | * |
| microsoft | sharepoint_server | 2019 |
{
"cisaActionDue": "2025-07-23",
"cisaExploitAdd": "2025-07-22",
"cisaRequiredAction": "Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.",
"cisaVulnerabilityName": "Microsoft SharePoint Improper Authentication Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "9C082CC4-6128-475D-BC19-B239E348FDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
"matchCriteriaId": "B006E0D5-DEDF-490A-9BC6-D2DC34DF98B2",
"versionEndExcluding": "16.0.18526.20424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network."
},
{
"lang": "es",
"value": "La autenticaci\u00f3n incorrecta en Microsoft Office SharePoint permite que un atacante autorizado realice suplantaci\u00f3n de identidad a trav\u00e9s de una red."
}
],
"id": "CVE-2025-49706",
"lastModified": "2025-10-27T17:12:29.023",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-07-08T17:15:58.250",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49706"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49706"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Press/Media Coverage",
"Vendor Advisory"
],
"url": "https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.