CVE-2025-49706

⚠ KEVEPSS 75.0%

Microsoft SharePoint Improper Authentication Vulnerability

Added to CISA KEV: 7/22/2025

Description

Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow an attacker to view sensitive information and make some changes to disclosed information. This vulnerability could be chained with CVE-2025-49704. CVE-2025-53771 is a patch bypass for CVE-2025-49706, and the updates for CVE-2025-53771 include more robust protection than those for CVE-2025-49706.

Affected packages (0)

No package mapping in OSV.