CVE-2025-49706

Known Exploited Vulnerability Entry External Catalog

Back to Catalog View Vulnerability

Entry Details

Vulnerability ID

CVE-2025-49706

Status

Confirmed

Exploited

Yes

Status Updated At

2025-07-22 00:00 UTC

Timestamps

First Seen At

2025-07-22

Asserted At

2025-07-22

Scope

Notes

KEV entry: Microsoft SharePoint Improper Authentication Vulnerability | Affected: Microsoft / SharePoint | Description: Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow an attacker to view sensitive information and make some changes to disclosed information. This vulnerability could be chained with CVE-2025-49704. CVE-2025-53771 is a patch bypass for CVE-2025-49706, and the updates for CVE-2025-53771 include more robust protection than those for CVE-2025-49706. | Required action: Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. | Due date: 2025-07-23 | Known ransomware campaign use (KEV): Known | Notes (KEV): CISA Mitigation Instructions: https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770 ; https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/ ; https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49706 ; https://nvd.nist.gov/vuln/detail/CVE-2025-49706

References

{'id': 'CVE-2025-49706', 'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-49706'}

Entry UUID

f8718ee9-efab-4c9d-a903-6e4133d8dd0b

Catalog Origin UUID

405284c2-e461-4670-8979-7fd2c9755a60

Created

2026-02-02 13:24 UTC

Last Updated

2026-02-06 07:53 UTC

Evidence (1)

Type Source Signal Confidence Details GCVE Metadata

Type	Source	Signal	Confidence	Details	GCVE Metadata
vendor_report	cisa-kev	successful_exploitation	0.80	View details `{ "cwes": [ "CWE-287" ], "date_added": "2025-07-22", "due_date": "2025-07-23", "feed": "CISA Known Exploited Vulnerabilities Catalog", "knownRansomwareCampaignUse": "Known", "product": "SharePoint", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft SharePoint Improper Authentication Vulnerability" }`	-

vendor_report

cisa-kev

successful_exploitation

0.80

View details

{
  "cwes": [
    "CWE-287"
  ],
  "date_added": "2025-07-22",
  "due_date": "2025-07-23",
  "feed": "CISA Known Exploited Vulnerabilities Catalog",
  "knownRansomwareCampaignUse": "Known",
  "product": "SharePoint",
  "vendorProject": "Microsoft",
  "vulnerabilityName": "Microsoft SharePoint Improper Authentication Vulnerability"
}

Export Options

JSON Object JSON API View Full Catalog