CVE-2025-49706 Scanner - Improper Authentication vulnerability in Microsoft SharePoint Server
Short Info
Level
Single Scan
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 week 20 hours
Scan only one: Domain, Subdomain, IPv4
Microsoft SharePoint Server is an enterprise solution for managing and storing documents. Organizations widely adopt it to create websites and collaborative workspaces, and IT administrators and content managers use it for its content management and document storage capabilities. As a web-based platform, it is commonly deployed in environments such as corporate intranets and web applications. Administrators value its integration with other Microsoft products and its ease of use for team collaboration, and it plays a central role in streamlined information sharing.
The vulnerability is an improper authentication flaw in Microsoft Office SharePoint. It can allow an unauthorized attacker to perform spoofing over a network. Because strict authentication checks are missing, the system can be misled into accepting illegitimate credentials. Attackers could exploit this to impersonate other users or gain unauthorized access. This improper handling of authentication creates significant security risk and could expose sensitive organizational data to unauthorized parties.
Technically, the vulnerability can be targeted through weak endpoints within SharePoint's authentication framework. The issue lies in HTTP requests made to specific URLs without proper verification of user credentials. Attackers can manipulate parameters such as 'MSOTlPn_Uri' and 'MSOTlPn_DWP' in HTTP POST requests. The vulnerability is indicated by specific response status codes from the server. For instance, codes like 301 and 302 signal an object moved, hinting at the bypass. The lack of stringent control measures is a clear technical flaw in the software's design.
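As an added example (not the scanner's own code and not taken from the referenced write-ups), this Python triage flags logged POST requests that carry the parameters named above and ranks them higher when the server answered 301 or 302. The JSON-lines log layout, field names, paths and addresses are constructed assumptions.

```python
import json
from urllib.parse import parse_qs

# Parameter names and status codes are the ones the page names.
WATCHED_PARAMS = {"msotlpn_uri", "msotlpn_dwp"}
REDIRECT_CODES = {301, 302}

# Constructed sample: JSON-lines export from a proxy that records POST bodies.
# Hosts, paths, addresses and values are placeholders, not real indicators.
SAMPLE_LOG = """\
{"src": "198.51.100.7", "method": "POST", "path": "/placeholder.aspx", "status": 302, "body": "MSOTlPn_Uri=https%3A%2F%2Fsp.example.test%2F&MSOTlPn_DWP=placeholder"}
{"src": "192.0.2.10", "method": "GET", "path": "/sites/team/home.aspx", "status": 200, "body": ""}
{"src": "203.0.113.5", "method": "post", "path": "/placeholder.aspx", "status": 401, "body": "msotlpn%5Fdwp=placeholder"}
this line is truncated and is not JSON
{"src": "192.0.2.44", "method": "POST", "path": "/sites/team/form.aspx", "status": 200, "body": "title=Q3+report"}
"""


def form_param_names(body):
    """Lower-cased, percent-decoded parameter names of a urlencoded body."""
    return {name.lower() for name in parse_qs(str(body or ""), keep_blank_values=True)}


def triage(log_text):
    """Return one finding per POST record that carries a watched parameter."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = None
        if not isinstance(rec, dict):
            # Keep unparsable lines visible instead of silently dropping them.
            findings.append({"line": lineno, "verdict": "unparsed"})
            continue
        if str(rec.get("method", "")).upper() != "POST":
            continue
        seen = WATCHED_PARAMS & form_param_names(rec.get("body"))
        if not seen:
            continue
        # Both parameters plus a 301/302 answer is the combination the page describes.
        high = seen == WATCHED_PARAMS and rec.get("status") in REDIRECT_CODES
        findings.append({"line": lineno, "src": rec.get("src"), "path": rec.get("path"),
                         "status": rec.get("status"), "params": sorted(seen),
                         "verdict": "high" if high else "review"})
    return findings
```

Matching on decoded, lower-cased names means a percent-encoded or differently cased parameter name is still caught, as the third sample record shows.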
Exploitation of the vulnerability may lead to unauthorized data access or resource manipulation. Attackers can spoof identities to retrieve confidential documents or perform unauthorized actions. This may expose sensitive enterprise information that could then be used for malicious purposes. Companies might face compliance breaches and loss of trust due to data compromise. The organization could also incur financial losses from unauthorized transactions or reputational damage. Prompt identification and patching are critical to prevent such threats.
REFERENCES
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49706
- https://securelist.com/toolshell-explained/117045/
- https://www.wiz.io/blog/sharepoint-vulnerabilities-cve-2025-53770-cve-2025-53771-everything-you-need-to-k
- https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/sharepoint_toolpane_rce.rb
- https://nvd.nist.gov/vuln/detail/CVE-2025-49706