PT-2025-28603 · Microsoft · Sharepoint Server

Published 2025-07-08 · Updated 2026-06-21 · CVE-2025-49706

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft SharePoint Server (affected versions not specified)
Microsoft SharePoint Server Subscription Edition (affected versions not specified)
Microsoft SharePoint Foundation (affected versions not specified)

Description

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing attacks over a network. This issue involves an authentication bypass within the ToolPane. In July 2025, Chinese state-backed groups, including Linen Typhoon and Violet Typhoon, exploited this flaw to gain access to on-premises servers at approximately 100 to 400 organizations, potentially enabling the theft of files and other data from affected systems.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2025-08524
CVE-2025-49706
ZDI-25-580

Affected Products

Sharepoint Server