Microsoft servers are at risk due to a serious vulnerability

It is a vulnerability that could well endanger thousands of companies

Softonic

  • July 28, 2025
  • Updated: July 28, 2025 at 10:50 AM

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about two critical vulnerabilities in Microsoft SharePoint, designated as CVE-2025-49704 and CVE-2025-49706. Both vulnerabilities are being actively exploited worldwide, posing a significant risk to organizations operating on-premises SharePoint servers.

A vulnerability that can be critical

The first vulnerability, CVE-2025-49704, is a serious code injection flaw that allows authorized attackers to execute arbitrary code over a network connection, which could result in full control over the compromised server. This vulnerability is classified as CWE-94, Improper Control of Code Generation, and may result in the exposure of sensitive data and potential information exfiltration.

CVE-2025-49706, on the other hand, is an improper authentication vulnerability that facilitates spoofing attacks, allowing attackers to bypass authentication controls and gain unauthorized access to critical information. This flaw is classified under CWE-287, and its successful exploitation allows attackers to modify data and compromise the integrity of SharePoint environments.

When both vulnerabilities are combined, they create a powerful attack vector. Attackers often use CVE-2025-49706 to bypass authentication and then exploit CVE-2025-49704 to inject malicious code. CISA has added both vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog with a remediation deadline of 24 hours, highlighting the urgency and severity of the situation.

CISA has also recommended that organizations take immediate action, especially those using versions of SharePoint that are no longer supported. For supported versions, it urges organizations to apply the latest security patches and follow the mitigation guidelines recommended by Microsoft.
