PT-2025-30222 · Microsoft · Sharepoint Server

Published: 2025-07-20 · Updated: 2025-09-13 · CVE-2025-53771

CVSS v2.0: 7.5 (Vector: AV:N/AC:L/Au:S/C:C/I:P/A:N)

**Name of the Vulnerable Software and Affected Versions:**

Microsoft Office SharePoint Server (affected versions not specified)

**Description:**

This issue combines improper authentication with a path traversal vulnerability in Microsoft Office SharePoint Server. An unauthorized attacker can perform spoofing over a network, potentially gaining access to sensitive data and stealing credentials. The vulnerability is being actively exploited, with reports indicating over 400 victims globally. Exploitation involves sending a specially crafted POST request to `/layouts/15/ToolPane.aspx?DisplayMode=Edit`, which can lead to remote code execution (RCE) and complete compromise of the SharePoint server, including the installation of web shells. The vulnerability is also a patch bypass, meaning systems may remain vulnerable even after applying earlier security updates. Initial scanning for the vulnerability was observed on July 16, 2025.
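As an added illustration for defenders (example code, not part of this advisory or of Microsoft's material), the filter below walks constructed IIS W3C log lines and flags POST requests to ToolPane.aspx that carry DisplayMode=Edit, the request shape named above. The `#Fields` layout, user names and addresses are constructed; matching keys on the page name and query parameter rather than the full path so it tolerates path and case variants, and the logged user name is reported because an anonymous hit is the one an authentication bypass would produce.

```python
"""Flag IIS W3C log entries that match the request pattern named in the
advisory: a POST to ToolPane.aspx carrying DisplayMode=Edit."""
from urllib.parse import parse_qs

# Constructed sample in IIS W3C extended format; these are not real log lines.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip cs(User-Agent) sc-status
2025-07-18 09:14:02 GET /_layouts/15/ToolPane.aspx DisplayMode=Edit CONTOSO\\jdoe 10.0.0.5 Mozilla/5.0 200
2025-07-18 09:14:07 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit - 198.51.100.23 python-requests/2.32 200
2025-07-18 09:15:00 POST /_layouts/15/start.aspx - CONTOSO\\jdoe 10.0.0.7 Mozilla/5.0 200
2025-07-18 09:16:30 POST /_layouts/15/toolpane.aspx displaymode=edit - 203.0.113.9 curl/8.5 500
2025-07-18 09:17:11 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit CONTOSO\\admin 10.0.0.5 Mozilla/5.0 200
"""

def parse_w3c(text):
    """Yield one dict per request line, keyed by the names in the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names follow the directive
        elif line and not line.startswith("#"):
            values = line.split()
            if fields and len(values) == len(fields):
                yield dict(zip(fields, values))

def is_toolpane_edit_post(rec):
    """True for a POST to ToolPane.aspx whose query sets DisplayMode=Edit (case-insensitive)."""
    if rec.get("cs-method", "").upper() != "POST":
        return False
    if not rec.get("cs-uri-stem", "").lower().endswith("/toolpane.aspx"):
        return False
    query = parse_qs(rec.get("cs-uri-query", "").lower())   # "-" (no query) parses to {}
    return "edit" in query.get("displaymode", [])

def find_suspicious(text):
    """Return (timestamp, client ip, username, status) for every matching request.
    A username of '-' means IIS logged the request as anonymous: triage those first."""
    return [
        (f"{r['date']} {r['time']}", r["c-ip"], r["cs-username"], r["sc-status"])
        for r in parse_w3c(text) if is_toolpane_edit_post(r)
    ]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(*hit)
```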

**Recommendations:**

At the time of writing, no fixed version has been announced for this vulnerability.

- Improper Authentication
- Path traversal
- RCE
- Improper Neutralization

**Weakness Enumeration:**

**Related Identifiers:**

- BDU:2025-08787
- CVE-2025-53771
- ZDI-25-652

**Affected Products:**

- Sharepoint Server