CVE-2025-49706 — Microsoft SharePoint Improper Authentication Vulnerability

Description

Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow an attacker to view sensitive information and make some changes to disclosed information. This vulnerability could be chained with CVE-2025-49704. CVE-2025-53771 is a patch bypass for CVE-2025-49706, and the updates for CVE-2025-53771 include more robust protection than those for CVE-2025-49706.

How to fix CVE-2025-49706

No package mapping is available — consult the references below for vendor-specific guidance.

Is CVE-2025-49706 being exploited?

Yes — CVE-2025-49706 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.

Affected packages (0)

No package mapping in OSV.