CVE-2025-49706

MEDIUM

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

CVSS v3.1 Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Complexity

LOW

Privileges

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Published: 7/8/2025Modified: 10/27/2025

Related Intelligence (1)

CRITICALRansomware

April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs

A critical hole in Windows Internet Key Exchange for secure communications, an actively exploited zero day in Microsoft SharePoint and a critical SQL injection vulnerability in a SAP product are the focus of the April Patch Tuesday releases requiring immediate attention from IT security teams. “April’s threat landscape is defined by immediate, real-world exploitation rather than just theoretical v

CVE-2026-32201CVE-2025-49706

Apr 15, 2026CSO Online

References (3)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49706Vendor Advisory https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49706US Government Resource https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/Press/Media CoverageVendor Advisory