CVE-2025-49706 MEDIUM

CVE-2025-49706: Microsoft SharePoint Server Spoofing Vulnerability

Vendor: Microsoft
Product: Microsoft SharePoint Enterprise Server 2016
Weakness: CWE-287 · Improper authentication
KEV Status: Known Exploited
Ransomware: Used in campaigns
Published: July 8, 2025
Last update: February 26, 2026

CVSS base score

6.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C

What the vulnerability does

01 Description

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

CISA mandated remediation

02 CISA Required Action

Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Key dates

03 Disclosure timeline

July 8, 2025: CVE published
February 26, 2026: Record updated
