- CISA has added two critical Microsoft SharePoint vulnerabilities, CVE-2025-49704 (RCE) and CVE-2025-49706 (spoofing), to its Known Exploited Vulnerabilities catalog due to active exploitation.
- Chinese state-backed groups, including Linen Typhoon and Violet Typhoon, are exploiting these vulnerabilities in on-premises SharePoint servers, impacting over 100 organizations.
- Microsoft has released urgent security updates for affected SharePoint versions, advising all on-premises users to apply these patches immediately to mitigate risks.
- Proof-of-concept exploit code for these vulnerabilities is now publicly available, increasing the likelihood of further attacks by various threat actors.
- Organizations must ensure their SharePoint servers are updated to the latest security versions to prevent unauthorized access and potential data breaches.

Chinese state-sponsored hackers are actively exploiting two critical vulnerabilities in Microsoft SharePoint servers (CVE-2025-49704 and CVE-2025-49706), affecting numerous organizations. These flaws allow unauthorized access and remote code execution, posing significant risks to businesses using on-premises installations. Microsoft has issued urgent security updates, and organizations must apply these patches immediately to safeguard their systems. Failure to do so could lead to data breaches and operational disruptions. Security teams should prioritize updating their SharePoint servers and monitor for any suspicious activity related to these vulnerabilities.