CISA has issued an urgent warning regarding two critical Microsoft SharePoint vulnerabilities that threat actors are actively exploiting in the wild. The vulnerabilities, designated CVE-2025-49704 and CVE-2025-49706, pose significant risks to organizations running on-premises SharePoint servers and have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog with an immediate remediation deadline. CISA added both vulnerabilities to the KEV catalog on July 22, 2025, with an unprecedented 24-hour remediation deadline set for July 23, 2025.

Threat actors typically leverage CVE-2025-49706 first to bypass authentication mechanisms through spoofing techniques, then exploit CVE-2025-49704 to inject and execute malicious code on the compromised server. Successful exploitation of CVE-2025-49706 grants attackers unauthorized access to view sensitive information and make modifications to disclosed data, effectively compromising the integrity and confidentiality of SharePoint environments. CVE-2025-49704 enables threat actors to inject malicious code into the SharePoint application, which can then be executed with the privileges of the SharePoint service account, leading to potential system compromise and data exfiltration.

Microsoft has confirmed that the update for CVE-2025-53770 includes more robust protections than the individual patches for these vulnerabilities, suggesting a comprehensive security enhancement approach that addresses the underlying architectural weaknesses.

For supported SharePoint versions, organizations must apply the latest security patches and follow Microsoft’s comprehensive mitigation guidance. Organizations should also consider implementing network segmentation, enhanced monitoring, and access controls as part of their broader cybersecurity posture to prevent similar exploitation attempts in the future.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 23 Jul 2025 08:35:11 +0000