Spoofing Vulnerability in Microsoft Office SharePoint
CVE-2025-49706

6.5MEDIUM

Key Information:

Badges

🥇 Trended No. 1📈 Trended📈 Score: 11,600💰 Ransomware👾 Exploit Exists🟡 Public PoC🟣 EPSS 18%🦅 CISA Reported📰 News Worthy

What is CVE-2025-49706?

CVE-2025-49706 is a spoofing vulnerability identified in Microsoft Office SharePoint, a widely used web-based collaboration platform that aids organizations in document management, storage, and project coordination. This specific vulnerability arises from improper authentication mechanisms within SharePoint, enabling an authorized attacker to exploit these shortcomings and perform spoofing attacks over the network. Such attacks can allow the adversary to impersonate other users or services, potentially leading to unauthorized access to sensitive information and resources. The implications for organizations can be severe, as the integrity and confidentiality of data may be compromised, risking both operational disruption and reputational damage.

Potential impact of CVE-2025-49706

  1. Unauthorized Access: Attackers can exploit this vulnerability to impersonate legitimate users, gaining unauthorized access to confidential information and sensitive resources within SharePoint.

  2. Data Integrity Risks: By spoofing other users, adversaries could manipulate or corrupt documents and projects, leading to significant issues related to data integrity and trustworthiness.

  3. Reputational Damage: Successful exploitation can result in data breaches that undermine stakeholder trust, causing long-lasting reputational harm to organizations, and potentially leading to legal or financial repercussions.

CISA has reported CVE-2025-49706

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-49706 as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Affected Version(s)

Microsoft SharePoint Enterprise Server 2016 x64-based Systems 16.0.0 < 16.0.5508.1000

Microsoft SharePoint Server 2019 x64-based Systems 16.0.0 < 16.0.10417.20027

Microsoft SharePoint Server Subscription Edition x64-based Systems 16.0.0 < 16.0.18526.20424

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief (Updated July 29)

Unit 42 has observed active exploitation of recent Microsoft SharePoint vulnerabilities. Here’s how you can protect your organization. Unit 42 has observed active exploitation of recent Microsoft SharePoint vulnerabilities. Here’s how you can protect your organization.

3 weeks ago

ToolShell: Uncovering Five Critical Vulnerabilities in Microsoft SharePoint

Security researchers from Kaspersky have detailed a sophisticated exploit chain dubbed "ToolShell," actively targeting on-premise.

3 weeks ago

ToolShell: a story of five vulnerabilities in Microsoft SharePoint

Explaining the ToolShell vulnerabilities in SharePoint: how the POST request exploit works, why initial patches can be easily bypassed, and how to stay protected.

4 weeks ago

References

EPSS Score

18% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 💰

    Used in Ransomware

  • 🦅

    CISA Reported

  • 📰

    First article discovered by The Hacker News

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • 🥇

    Vulnerability reached the number 1 worldwide trending spot

  • 📈

    Vulnerability started trending

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-49706 : Spoofing Vulnerability in Microsoft Office SharePoint