
CISA Adds Two Actively Exploited Microsoft SharePoint Vulnerabilities to KEV Catalog
On July 22, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Microsoft SharePoint vulnerabilities, CVE-2025-49704 and CVE-2025-49706, to its Known Exploited Vulnerabilities (KEV) catalog. This action was taken due to evidence of active exploitation in the wild. Federal Civilian Executive Branch (FCEB) agencies have been directed to remediate these vulnerabilities by July 23, 2025.

Microsoft SharePoint is a widely used platform for document management and collaboration within enterprises. Vulnerabilities in SharePoint can have severe implications, including unauthorized access, data breaches, and lateral movement within a network. The addition of these vulnerabilities to the KEV catalog underscores their critical nature and the immediate threat they pose.

The KEV catalog is a crucial resource for organizations to prioritize vulnerability management based on active threats. The inclusion of these SharePoint vulnerabilities indicates that attackers are actively exploiting them, making immediate patching essential. The tight deadline set by CISA for FCEB agencies to remediate these vulnerabilities highlights the urgency and severity of the threat.

For cybersecurity professionals, this development emphasizes the importance of timely patch management and the need for continuous monitoring of enterprise software. Organizations using Microsoft SharePoint should prioritize applying the necessary patches to mitigate the risk of exploitation. Additionally, it is advisable to monitor network traffic for signs of exploitation attempts and to implement additional security measures, such as network segmentation and access controls, to limit the potential impact of any successful exploitation.

The impact on the cybersecurity landscape is significant, as SharePoint is a common tool in many enterprises. The active exploitation of these vulnerabilities could lead to widespread compromises if not addressed promptly. This situation also highlights the ongoing challenge of managing vulnerabilities in widely used enterprise software, which are often targeted by advanced persistent threats (APTs) and other sophisticated attackers.

In conclusion, the addition of CVE-2025-49704 and CVE-2025-49706 to CISA's KEV catalog is a critical alert for organizations using Microsoft SharePoint. Immediate action is required to patch these vulnerabilities and mitigate the risk of exploitation. Cybersecurity professionals should ensure that their organizations are aware of this threat and take the necessary steps to protect their systems.
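As an added illustration of the KEV-driven prioritization described above (not code from CISA or from the article), the following sketch matches KEV entries against an asset inventory and lists unpatched hosts by remediation deadline. The field names follow the KEV JSON feed; the inventory, host names, the placeholder third entry, and the product strings are constructed assumptions.

```python
import json
from datetime import date

# Constructed extract in the KEV JSON feed's shape. The two CVE IDs and their
# dates come from the article; the third entry and product strings are made up.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2025-49704", "vendorProject": "Microsoft", "product": "SharePoint",
   "dateAdded": "2025-07-22", "dueDate": "2025-07-23"},
  {"cveID": "CVE-2025-49706", "vendorProject": "Microsoft", "product": "SharePoint",
   "dateAdded": "2025-07-22", "dueDate": "2025-07-23"},
  {"cveID": "CVE-0000-00000", "vendorProject": "ExampleVendor", "product": "ExampleApp",
   "dateAdded": "2025-07-01", "dueDate": "2025-07-22"}
]}
""")

# Hypothetical inventory: (vendor, product) -> host -> CVEs already remediated.
INVENTORY = {
    ("microsoft", "sharepoint"): {
        "sp-prod-01": {"CVE-2025-49704"},  # only one of the two fixes applied
        "sp-prod-02": set(),               # nothing applied yet
    },
}

def triage(kev, inventory, today):
    """Return open KEV findings for inventoried products, most urgent first."""
    findings = []
    for v in kev["vulnerabilities"]:
        key = (v["vendorProject"].strip().lower(), v["product"].strip().lower())
        hosts = inventory.get(key)
        if not hosts:
            continue  # product is not deployed here, so the entry is not actionable
        due = date.fromisoformat(v["dueDate"])
        for host, patched in sorted(hosts.items()):
            if v["cveID"] in patched:
                continue  # already remediated on this host
            findings.append({"host": host, "cve": v["cveID"], "due": due,
                             "days_left": (due - today).days, "overdue": today > due})
    findings.sort(key=lambda f: (f["due"], f["host"], f["cve"]))
    return findings

if __name__ == "__main__":
    for f in triage(KEV_SAMPLE, INVENTORY, date(2025, 7, 24)):
        state = "OVERDUE" if f["overdue"] else f"{f['days_left']}d left"
        print(f"{f['host']:<12} {f['cve']:<16} due {f['due']} {state}")
```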