{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-49706", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2025-06-09T19:59:44.875Z", "datePublished": "2025-07-08T16:58:07.343Z", "dateUpdated": "2026-02-13T19:07:42.100Z"}, "containers": {"cna": {"title": "Microsoft SharePoint Server Spoofing Vulnerability", "datePublic": "2025-07-08T07:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.5508.1000"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.10417.20027"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.18526.20424"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft SharePoint Enterprise Server 2016", "platforms": ["x64-based Systems"], "versions": [{"version": "16.0.0", "lessThan": "16.0.5508.1000", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SharePoint Server 2019", "platforms": ["x64-based Systems"], "versions": [{"version": "16.0.0", "lessThan": "16.0.10417.20027", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SharePoint Server Subscription Edition", "platforms": ["x64-based Systems"], "versions": [{"version": "16.0.0", "lessThan": "16.0.18526.20424", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-287: Improper Authentication", "lang": "en-US", "type": "CWE", "cweId": "CWE-287"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-02-13T19:07:42.100Z"}, "references": [{"name": "Microsoft SharePoint Server Spoofing Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49706"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-49706", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-23T03:55:23.189017Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2025-07-22", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49706"}}}], "references": [{"url": "https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/", "tags": ["vendor-advisory"]}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49706", "tags": ["government-resource"]}], "timeline": [{"time": "2025-07-22T00:00:00+00:00", "lang": "en", "value": "CVE-2025-49706 added to CISA KEV"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-21T22:45:22.869Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-49706", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-23T03:55:23.189017Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2025-07-22", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49706"}}}], "timeline": [{"lang": "en", "time": "2025-07-22T00:00:00+00:00", "value": "CVE-2025-49706 added to CISA KEV"}], "references": [{"url": "https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/", "tags": ["vendor-advisory"]}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49706", "tags": ["government-resource"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-09T13:46:37.757Z"}}], "cna": {"title": "Microsoft SharePoint Server Spoofing Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft SharePoint Enterprise Server 2016", "versions": [{"status": "affected", "version": "16.0.0", "lessThan": "16.0.5508.1000", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft SharePoint Server 2019", "versions": [{"status": "affected", "version": "16.0.0", "lessThan": "16.0.10417.20027", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft SharePoint Server Subscription Edition", "versions": [{"status": "affected", "version": "16.0.0", "lessThan": "16.0.18526.20424", "versionType": "custom"}], "platforms": ["x64-based Systems"]}], "datePublic": "2025-07-08T07:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49706", "name": "Microsoft SharePoint Server Spoofing Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287: Improper Authentication"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "versionEndExcluding": "16.0.5508.1000", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "16.0.10417.20027", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", "vulnerable": true, "versionEndExcluding": "16.0.18526.20424", "versionStartIncluding": "16.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-02-13T19:07:42.100Z"}}}, "cveMetadata": {"cveId": "CVE-2025-49706", "state": "PUBLISHED", "dateUpdated": "2026-02-13T19:07:42.100Z", "dateReserved": "2025-06-09T19:59:44.875Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2025-07-08T16:58:07.343Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"cisaActionDue": "2025-07-23", "cisaExploitAdd": "2025-07-22", "cisaRequiredAction": "Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.", "cisaVulnerabilityName": "Microsoft SharePoint Improper Authentication Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", "matchCriteriaId": "9C082CC4-6128-475D-BC19-B239E348FDB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", "matchCriteriaId": "B006E0D5-DEDF-490A-9BC6-D2DC34DF98B2", "versionEndExcluding": "16.0.18526.20424", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", "matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network."}, {"lang": "es", "value": "La autenticaci\u00f3n incorrecta en Microsoft Office SharePoint permite que un atacante autorizado realice suplantaci\u00f3n de identidad a trav\u00e9s de una red."}], "id": "CVE-2025-49706", "lastModified": "2025-10-27T17:12:29.023", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "secure@microsoft.com", "type": "Secondary"}]}, "published": "2025-07-08T17:15:58.250", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49706"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49706"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Press/Media Coverage", "Vendor Advisory"], "url": "https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "secure@microsoft.com", "type": "Secondary"}]}

{}

{"created": "2025-07-13T21:47:13.149903+00:00", "updated": "2025-07-13T21:47:13.149965+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$sharepoint_server"]}