6.5

CVE-2025-49706

Warning
Media report
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Linked by AI from unstructured data to existing CPEs of the NVD
Data provided by the National Vulnerability Database (NVD)
Microsoft SharePoint Server, SwEdition: subscription, Version: < 16.0.18526.20424
Microsoft SharePoint Server, Version: 2019

22.07.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft SharePoint Improper Authentication Vulnerability

Vulnerability

Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successful exploitation could allow an attacker to view sensitive information and make some changes to disclosed information. This vulnerability could be chained with CVE-2025-49704. The update for CVE-2025-53771 includes more robust protections than the update for CVE-2025-49706.

Description

CISA recommends disconnecting public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS). For example, SharePoint Server 2013 and earlier versions are end-of-life and should be discontinued if still in use. For supported versions, please follow the mitigations according to CISA and vendor instructions. Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Required action
EPSS metrics
Type  Source     Score  Percentile
EPSS  FIRST.org  62.1%  0.983

CVSS metrics
Source                Base Score  Exploit Score  Impact Score  Vector String
secure@microsoft.com  6.5         3.9            2.5           CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.