What is the CVSS score of CVE-2025-49706?

CVE-2025-49706 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N. EPSS exploitation probability: 59.9%.

Which versions of Sharepoint Enterprise Server are affected by CVE-2025-49706?

Organizations using Improper authentication in Microsoft Office SharePoint should be aware of notable risk from CVE-2025-49706, a improper authentication vulnerability rated CVSS 6.5.. A patch is available.

Is CVE-2025-49706 being actively exploited?

Yes, CVE-2025-49706 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, confirming active in-the-wild exploitation. Immediate patching is required.

How to fix or mitigate CVE-2025-49706?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Audit authentication configurations.

Sharepoint Enterprise Server CVE-2025-49706

EUVD-2025-20552 MEDIUM

Improper Authentication (CWE-287)

2025-07-08 secure@microsoft.com

Authentication Bypass Microsoft Sharepoint Enterprise Server Sharepoint Server

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

16.0.10417.20027,16.0.18526.20424,16.0.5508.1000

EUVD ID Assigned

Mar 16, 2026 - 04:21 euvd

EUVD-2025-20552

Analysis Generated

Mar 16, 2026 - 04:21 vuln.today

Added to CISA KEV

Oct 27, 2025 - 17:12 cisa

CISA KEV

CVE Published

Jul 08, 2025 - 17:15 nvd

MEDIUM 6.5

DescriptionNVD

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Analysis

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Technical ContextAI

An authentication bypass vulnerability allows attackers to circumvent login mechanisms and gain unauthorized access without valid credentials. This vulnerability is classified as Improper Authentication (CWE-287).

RemediationAI

Implement robust authentication mechanisms. Use multi-factor authentication. Review authentication logic for bypass conditions. Remove default credentials.

More from same product – last 7 days

CVE-2026-40412 CRITICAL Monitor

10.0 May 22

Remote code execution in Microsoft Azure Orbital Spatio allows unauthenticated network attackers to upload dangerous fil

CVE-2026-41104 CRITICAL Monitor

10.0 May 22

Unsafe deserialization in Microsoft Planetary Computer Pro (Geocatalog) lets a remote unauthenticated attacker craft mal

CVE-2026-23652 CRITICAL Monitor

10.0 May 22

Remote code execution in Microsoft Power Pages allows unauthenticated network attackers to inject and execute operating-

CVE-2026-47280 CRITICAL Monitor

10.0 May 22

Privilege elevation in Microsoft Azure Resource Manager (ARM) allows remote unauthenticated attackers to bypass authenti

CVE-2026-42901 CRITICAL Monitor

10.0 May 22

Privilege escalation in Microsoft Entra ID enables remote unauthenticated attackers to bypass origin validation and gain

CVE-2025-49706 vulnerability details – vuln.today

Back

Sharepoint Enterprise Server CVE-2025-49706

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code