CVE-2025-49706

Microsoft SharePoint Server Spoofing Vulnerability

CVSS 6.5 MEDIUM | EPSS 99.9% | KEV | CWE-287
In short

Microsoft SharePoint Server has an authentication flaw that allows attackers to impersonate legitimate users or administrators over a network without proper credentials. This can lead to unauthorized access to sensitive documents and data.

Technical detail

An improper authentication mechanism in Microsoft Office SharePoint (CWE-287) permits network-based spoofing attacks where an attacker can forge or bypass authentication checks to assume the identity of authorized users. This requires network access to the SharePoint instance and can result in unauthorized information disclosure and data manipulation.

Summary generated and translated by AI from the official description.
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
