CVE-2025-49706
MEDIUM · KEV · RANSOMWARE · NUCLEI
Microsoft SharePoint Enterprise Server - Authentication Bypass
Title source: ruleDescription
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Exploits (3)
nomisec
WRITEUP
15 stars
by AdityaBhatt3010 · remote-auth
https://github.com/AdityaBhatt3010/CVE-2025-49706-SharePoint-Spoofing-Vulnerability-Under-Active-Exploitation
github
WRITEUP
9 stars
by AdityaBhatt3010 · poc
https://github.com/AdityaBhatt3010/CVE-2025-53770-SharePoint-Zero-Day-Variant-Exploited-for-Full-RCE
metasploit
WORKING POC
EXCELLENT
by Viettel Cyber Security, sfewer-r7 · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/sharepoint_toolpane_rce.rb
Nuclei Templates (1)
Microsoft SharePoint Server - Authentication Bypass
MEDIUM · VERIFIED · by daffainfo
Shodan:
http.component:"sharepoint"
References (3)
Scores
CVSS v3: 6.5
EPSS: 0.7372
EPSS Percentile: 98.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CISA KEV: 2025-07-22
VulnCheck KEV: 2025-07-18
ENISA EUVD: EUVD-2025-20552
Ransomware Use: Confirmed
CWE: CWE-287
Status: published
Products (3)
microsoft/sharepoint_enterprise_server: 2016
microsoft/sharepoint_server: 2019
microsoft/sharepoint_server: < 16.0.18526.20424
Published: Jul 08, 2025
KEV Added: Jul 22, 2025
Tracked Since: Feb 18, 2026