CVE-2025-49706: 
vulnerability analysis and mitigation

A vulnerability identified as CVE-2025-49706 was discovered in Microsoft Office SharePoint, involving improper authentication that enables authorized attackers to perform spoofing attacks over a network. The vulnerability was disclosed on July 8, 2025, and affects multiple versions of SharePoint, including SharePoint Enterprise Server 2016 and SharePoint Server 2019 (NVD, Microsoft Support).

The vulnerability has been assigned a CVSS v3.1 base score of 6.3 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction. The vulnerability is classified under CWE-287 (Improper Authentication) (NVD).

The vulnerability could allow an authorized attacker to perform spoofing attacks over a network, potentially compromising the confidentiality and integrity of the affected SharePoint systems. The CVSS scoring indicates high impact on confidentiality and low impact on integrity, with no impact on availability (NVD).

Microsoft has released security updates to address this vulnerability. The fixes are available through multiple channels: Microsoft Update, Microsoft Update Catalog, and as standalone packages through the Microsoft Download Center. For SharePoint Server 2016, the security update is KB5002744 (build 16.0.5508.1000), and for SharePoint Server 2019, the update is KB5002741 (build 16.0.10417.20027) (Microsoft Support).