CNVD-2025-16687
PUBLISHED
CVSS 6.5 MEDIUM
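SharePoint Server is Microsoft's on-premises enterprise collaboration platform. It supports content sharing, knowledge management and application integration, and can connect seamlessly with a Microsoft 365 subscription to receive the latest features. Microsoft SharePoint Server has a spoofing vulnerability that stems from improper authentication in Microsoft Office SharePoint; an attacker can exploit it to carry out spoofing attacks over the network.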
Risk Scores
CVSS v3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server 2016 | 16.0.0 |
| microsoft | sharepoint_server_2019 | 16.0.0 |
| microsoft | sharepoint_server_2016 | 16.0.0 |
| Microsoft | Microsoft SharePoint Server Subscription Edition | 16.0.0 |
| Microsoft | Microsoft SharePoint Server 2019 | 16.0.0 |
| microsoft | sharepoint_server | 16.0.0 |
Timeline
- May 1, 2025 CVE Published
- Jul 8, 2025 PoC Published
- Jul 8, 2025 PoC Published
- Jul 14, 2025 PoC Published
- Jul 19, 2025 PoC Published
- Jul 19, 2025 PoC Published
- Jul 19, 2025 PoC Published
- Jul 19, 2025 PoC Published
- Jul 20, 2025 PoC Published
- Jul 20, 2025 PoC Published
- Jul 20, 2025 PoC Published
- Jul 20, 2025 PoC Published
References
- Microsoft SharePoint Server Spoofing Vulnerability vendor-advisory
- https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/ vendor-advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49706 url