Описание
Microsoft SharePoint Server Spoofing Vulnerability
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
FAQ
Are the two new CVEs that were released related to the two SharePoint vulnerabilities that were documented by CVE-2025-49704 and CVE-2025-49706?
Yes, the update for CVE-2025-53770 includes more robust protections than the update for CVE-2025-49704. The update for CVE-2025-53771 includes more robust protections than the update for CVE-2025-49706.
There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?
Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft SharePoint Server 2019 | ||
| Microsoft SharePoint Server Subscription Edition |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Уязвимость пакетов программ Microsoft SharePoint Server и SharePoint Enterprise Server, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю осуществлять спуфинг-атаки
Microsoft SharePoint Server Remote Code Execution Vulnerability
EPSS
6.5 Medium
CVSS3