NVD - CVE-2025-49706
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Metrics
NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:
NIST: NVD
NVD assessment not yet provided.
CVSS 3.x Severity and Vector Strings:
CNA: Microsoft Corporation
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS 2.0 Severity and Vector Strings:
NIST: NVD
Base Score: N/A
NVD assessment not yet provided.
This CVE is in CISA's Known Exploited Vulnerabilities Catalog
Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and requirements.
| Vulnerability Name | Date Added | Due Date | Required Action |
|---|---|---|---|
| Microsoft SharePoint Improper Authentication Vulnerability | 07/22/2025 | 07/23/2025 | Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. |
Weakness Enumeration
| CWE-ID | CWE Name | Source |
|---|---|---|
| CWE-287 | Improper Authentication | Microsoft Corporation |
Known Affected Software Configurations
Change History
12 change records found
Modified Analysis by NIST 10/27/2025 1:12:29 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference Type | | CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49706 Types: US Government Resource |
CVE Modified by CISA-ADP 10/21/2025 7:17:05 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49706 |
CVE Modified by CISA-ADP 10/21/2025 4:20:39 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Removed | Reference | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49706 | |
CVE Modified by CISA-ADP 10/21/2025 3:21:21 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49706 |
CVE CISA KEV Update by Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government 7/29/2025 9:00:01 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Changed | Required Action | CISA recommends disconnecting public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS). For example, SharePoint Server 2013 and earlier versions are end-of-life and should be discontinued if still in use. For supported versions, please follow the mitigations according to CISA and vendor instructions. Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. | Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. |
Modified Analysis by NIST 7/23/2025 2:00:35 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference Type | | CISA-ADP: https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/ Types: Press/Media Coverage, Vendor Advisory |
CVE CISA KEV Update by Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government 7/22/2025 9:00:02 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Date Added | | 2025-07-22 |
| Added | Due Date | | 2025-07-23 |
| Added | Required Action | | CISA recommends disconnecting public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS). For example, SharePoint Server 2013 and earlier versions are end-of-life and should be discontinued if still in use. For supported versions, please follow the mitigations according to CISA and vendor instructions. Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. |
| Added | Vulnerability Name | | Microsoft SharePoint Improper Authentication Vulnerability |
CVE Modified by Microsoft Corporation 7/22/2025 5:15:39 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Changed | Description | Improper authentication in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. |
| Added | CVSS V3.1 | | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| Removed | CVSS V3.1 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N | |
CVE Modified by CISA-ADP 7/22/2025 12:15:30 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/ |
CVE Modified by Microsoft Corporation 7/21/2025 6:15:31 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CVSS V3.1 | | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
| Removed | CVSS V3.1 | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N | |
Initial Analysis by NIST 7/16/2025 1:41:44 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CPE Configuration | | OR *cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:* *cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:* *cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:* versions up to (excluding) 16.0.18526.20424 |
| Added | Reference Type | | Microsoft Corporation: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49706 Types: Vendor Advisory |
New CVE Received from Microsoft Corporation 7/08/2025 1:15:58 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | | Improper authentication in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. |
| Added | CVSS V3.1 | | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N |
| Added | CWE | | CWE-287 |
| Added | Reference | | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49706 |