CISA recognized two Microsoft SharePoint vulnerabilities, CVE-2025-49704 and CVE-2025-49706, as actively exploited and included them in its Known Exploited Vulnerabilities catalog. Federal agencies must address these vulnerabilities by July 23, 2025. Recent evidence shows that these vulnerabilities allow unauthorized access to SharePoint servers and have been exploited by Chinese hacking groups since July 7, 2025. Furthermore, CVE-2025-53770 is identified as an authentication bypass and remote code execution issue, with the root cause linked to two vulnerabilities in SharePoint.
CISA added Microsoft SharePoint flaws CVE-2025-49704 and CVE-2025-49706 to the Known Exploited Vulnerabilities catalog due to active exploitation. Federal agencies must remediate them by July 23, 2025.
The vulnerabilities allow unauthorized access to on-premise SharePoint servers, and Microsoft indicated that Chinese hacking groups have used these flaws to conduct breaches since July 7, 2025.
CVE-2025-53770 is noted as both an authentication bypass and a remote code execution bug, indicating that it is not necessary to build the exploit chain.
The root cause of CVE-2025-53770 arises from a combination of an authentication bypass and an insecure deserialization vulnerability, according to security analysts.
Collection
[
|
...
]