1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Microsoft SharePoint Improper Authentication Vulnerability

Known Exploited Vulnerabilities CVE-2025-49706

Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow an attacker to view sensitive information and make some changes to disclosed information. This vulnerability could be chained with CVE-2025-49704. The update for CVE-2025-53771 includes more robust protections than the update for CVE-2025-49706.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2025-49706 Microsoft SharePoint Improper Authentication Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
This improper authentication vulnerability in Microsoft SharePoint allows an attacker to send unauthenticated HTTP POST requests to the endpoint, which SharePoint will trust the request if constructed correctly. This gives the attacker access to the APIs despite the lack of credentials, as well as the ability to impersonate users and abuse native functionality.
References
  1. https://fidelissecurity.com/vulnerabilities/cve-2025-49706/
CVE-2025-49706 Microsoft SharePoint Improper Authentication Vulnerability primary_impact T1505 Server Software Component
Comments
This improper authentication vulnerability in Microsoft SharePoint allows an attacker to send unauthenticated HTTP POST requests to the endpoint, which SharePoint will trust the request if constructed correctly. This gives the attacker access to the APIs despite the lack of credentials, as well as the ability to impersonate users and abuse native functionality.
References
  1. https://fidelissecurity.com/vulnerabilities/cve-2025-49706/
CVE-2025-49706 Microsoft SharePoint Improper Authentication Vulnerability secondary_impact T1059.003 Windows Command Shell
Comments
This improper authentication vulnerability in Microsoft SharePoint allows an attacker to send unauthenticated HTTP POST requests to the endpoint, which SharePoint will trust the request if constructed correctly. This gives the attacker access to the APIs despite the lack of credentials, as well as the ability to impersonate users and abuse native functionality.
References
  1. https://fidelissecurity.com/vulnerabilities/cve-2025-49706/