CVE-2025-49706: Microsoft SharePoint Server Spoofing Vulnerability
Overview
- Severity
- Medium (CVSS 6.5)
- CVSS Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C
- Category
- Spoofing
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- Less Likely
- Patch Tuesday
- 2025-Jul
- Released
- 2025-07-08
- Last Updated
- 2025-07-31
- EPSS Score
- 71.57% (percentile: 98.7%)
- CISA KEV
- Listed — due 2025-07-23
Description
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
FAQ
According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and some loss of integrity (I:L), but no loss of availability (A:N). What does that mean for this vulnerability?
An attacker who successfully exploited this vulnerability could view sensitive information, a token in this scenario (Confidentiality), and make some changes to disclosed information (Integrity), but they would not be able to affect Availability.
I am running SharePoint Server 2016. Do the updates for SharePoint Enterprise Server 2016 also apply to the version I am running?
Yes. The same KB number applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. Customers running either version should install the security update to be protected from this vulnerability.
Known Exploits (1)
- Microsoft SharePoint Improper Authentication Vulnerability — added 2025-07-20T13:55:28Z
Detection & Weaponization (3 sources)
Maturity: Exploit
- Metasploit modules: Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution (aka ToolShell)
- Nuclei templates: Microsoft SharePoint Server - Authentication Bypass
- GitHub PoC: 1 repositories
Affected Products (3)
Microsoft Office
- Microsoft SharePoint Enterprise Server 2016
- Microsoft SharePoint Server 2019
- Microsoft SharePoint Server Subscription Edition
Security Updates (3)
Acknowledgments
Viettel Cyber Security with Trend Zero Day Initiative
Revision History
- 2025-07-08: Information published.
- 2025-07-21: Updated one or more CVSS scores for the affected products. This is an informational change only.
- 2025-07-22: Updated one or more CVSS scores for the affected products. This is an informational change only.
- 2025-07-24: Corrected the Download and Article links in the Security Updates table. This is an informational change only.
- 2025-07-31: Added an FAQ to explain that the security update KB for SharePoint Server 2016 applies to both Microsoft SharePoint Server 2016 and Microsoft SharePoint Enterprise Server 2016. This is an informational change only.