Vulnerability Details CVE-2025-49706
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.519
EPSS Ranking 97.8%
CVSS Severity
CVSS v3 Score 6.5
Proposed Action
Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow an attacker to view sensitive information and make some changes to disclosed information. This vulnerability could be chained with CVE-2025-49704. CVE-2025-53771 is a patch bypass for CVE-2025-49706, and the updates for CVE-2025-53771 include more robust protection than those for CVE-2025-49706.
Ransomware Campaign
Known
References
Products affected by CVE-2025-49706
-
cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016
-
cpe:2.3:a:microsoft:sharepoint_server:-
-
cpe:2.3:a:microsoft:sharepoint_server:16.0.17328.20246
-
cpe:2.3:a:microsoft:sharepoint_server:16.0.17328.20292
-
cpe:2.3:a:microsoft:sharepoint_server:16.0.17328.20362
-
cpe:2.3:a:microsoft:sharepoint_server:16.0.17928.20356
-
cpe:2.3:a:microsoft:sharepoint_server:16.0.17928.20396
-
cpe:2.3:a:microsoft:sharepoint_server:2019