Tag

#cve-2025-49706

2 posts tagged #cve-2025-49706.

Analysis · May 5, 2026 · The Field Notes Desk

SharePoint's two-week window: patched servers were still exploitable

Organizations that patched SharePoint on July 9 did everything right and were still vulnerable. Microsoft's first fix was incomplete, and ransomware operators had the gap memorized.
Analysis · May 5, 2026 · The Field Notes Desk

The 6.5 that enabled 400 compromises: authentication bypasses and the CVSS blind spot

CVE-2025-49706 scored CVSS 6.5. It enabled unauthenticated RCE across 400+ SharePoint servers. Authentication bypasses are consistently underscored, and consistently the vulnerability class that turns a bad bug into a mass-exploitation campaign.