CVE-2025-49706

Published Jul 8, 2025

Last updated 5 days ago

CVSS medium 6.3

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-49706 is a vulnerability affecting Microsoft Office SharePoint. It stems from improper authentication within the software. This vulnerability could allow an authorized attacker to perform spoofing attacks over a network, potentially compromising the integrity of SharePoint services. Microsoft has released a security update (KB5002751) to address this vulnerability.

Description
Improper authentication in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Source
secure@microsoft.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
6.3
Impact score
4.2
Exploitability score
2.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Severity
MEDIUM

Weaknesses

secure@microsoft.com
CWE-287

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

33

  1. We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by @_l0gg to pop SharePoint at #Pwn2Own Berlin 2025, it's really just one request! Kudos to @mwulftange https://t.co/sPHVVBal3K

    @codewhitesec

    14 Jul 2025

    18430 Impressions

    64 Retweets

    273 Likes

    90 Bookmarks

    3 Replies

    3 Quotes

  2. CVE-2025-49706 Improper authentication in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. https://t.co/E9uQMv8zm8

    @CVEnew

    8 Jul 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.