CNNVD-202507-1131 Information
CNNVD ID
CNNVD-202507-1131
Related CVE
- CNNVD Published: 2025-07-08
Description (Chinese)
Microsoft Office Sharepoint Server是美国微软(Microsoft)公司的一款为企业客户而设计的、基于web的内容管理和协作工具。该软件初始版本以Office组件形式存在,现在也仍然大大依托于Office,以提供企业门户、文档协同等功能为主,之后版本支持将Office、Exchange、Lync、Project和Visio结合起来。 Microsoft Office Sharepoint Server存在授权问题漏洞。攻击者利用该漏洞执行欺骗攻击。以下产品和版本受到影响:Microsoft SharePoint Enterprise Server 2016,Microsoft SharePoint Server 2019,Microsoft SharePoint Server Subscription Edition。
Description (English)
Microsoft Office Sharepoint Server is a web-based content management and collaboration tool designed for corporate clients by Microsoft USA. The initial version of the software, which exists in the form of an Office component, is also still heavily dependent on Office, which provides, inter alia, business portals, document synergies, and the subsequent version supports the integration of Office, Exchange, Lync, Project and Visio. Microsoft Office Sharepoint Server has a mandate gap. The attackers used the loophole to carry out the deceptive attack. The following products and versions have been affected: Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Adition.
Hazard Level
High
Vulnerability Type
授权问题
Affected Vendor
微软
Published
2025-07-08
Last Modified
2026-02-24
References
https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/ https://nvd.nist.gov/vuln/detail/CVE-2025-49706 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49706
Patch
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49706
Share on: