{"id":343408,"date":"2025-07-28T03:15:00","date_gmt":"2025-07-28T10:15:00","guid":{"rendered":"https:\/\/cms-articles.softonic.io\/es\/?p=391349"},"modified":"2025-07-28T03:50:10","modified_gmt":"2025-07-28T10:50:10","slug":"microsoft-servers-are-at-risk-due-to-a-serious-vulnerability","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/microsoft-servers-are-at-risk-due-to-a-serious-vulnerability\/","title":{"rendered":"Microsoft servers are at risk due to a serious vulnerability"},"content":{"rendered":"\n

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about two critical vulnerabilities in Microsoft SharePoint, designated as CVE-2025-49704 and CVE-2025-49706. Both vulnerabilities are being actively exploited worldwide, posing a significant risk to organizations operating on-premises SharePoint servers<\/strong>.<\/p>\n\n\n

A vulnerability that can be critical<\/h2>\n\n\n

The first vulnerability, CVE-2025-49704, is a serious code injection flaw that allows authorized attackers to execute arbitrary code through a network connection, which could result in full control over the compromised server. This vulnerability is classified as CWE-94, referring to Improper Control of Code Generation, and may result in the exposure of sensitive data and a potential information exfiltration<\/strong>.<\/p>\n\n\n

On the other hand, CVE-2025-49706 is a vulnerability of incorrect authentication that facilitates spoofing attacks, allowing attackers to bypass authentication controls and gain unauthorized access to critical information. This flaw is classified under CWE-287, and its successful exploitation allows attackers to modify data and compromise the integrity of SharePoint environments.<\/strong><\/p>\n\n\n

\n