CVE-2025-49706: Microsoft SharePoint Improper Authentication Vulnerability.

Microsoft SharePoint Improper Authentication Vulnerability. Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow an attacker to view sensitive information and make some changes to disclosed information. This vulnerability could be chained with CVE-2025-49704. CVE-2025-53771 is a patch bypass for CVE-2025-49706, and the updates for CVE-2025-53771 include more robust protection than those for CVE-2025-49706.

• CISA KEV-listed (remediation due 2025-07-23)
• used in ransomware campaigns
• EPSS 73.8% (98.8% percentile)

Detection rules

• Potential SharePoint ToolShell CVE-2025-53770 Exploitation - File Create critical
• Suspicious File Write to SharePoint Layouts Directory high

Browse the CVE database

Read the full analysis on IntelFusions