AAKL<p>CISA's updated advisory: UPDATE: Microsoft Releases Guidance on Exploitation of SharePoint Vulnerabilities <a href="https://www.cisa.gov/news-events/alerts/2025/07/20/update-microsoft-releases-guidance-exploitation-sharepoint-vulnerabilities" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cisa.gov/news-events/alerts/20</span><span class="invisible">25/07/20/update-microsoft-releases-guidance-exploitation-sharepoint-vulnerabilities</span></a></p><p>Additions to the KEV catalogue:</p><p>- CVE-2025-49706: Microsoft SharePoint Improper Authentication Vulnerability <a href="https://www.cve.org/CVERecord?id=CVE-2025-49706" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cve.org/CVERecord?id=CVE-2025-</span><span class="invisible">49706</span></a> </p><p>- CVE-2025-49704: Microsoft SharePoint Code Injection Vulnerability <a href="https://www.cve.org/CVERecord?id=CVE-2025-49704" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cve.org/CVERecord?id=CVE-2025-</span><span class="invisible">49704</span></a></p><p>- CVE-2025-54309: CrushFTP Unprotected Alternate Channel Vulnerability <a href="https://www.cve.org/CVERecord?id=CVE-2025-54309" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cve.org/CVERecord?id=CVE-2025-</span><span class="invisible">54309</span></a></p><p>- CVE-2025-6558: Google Chromium ANGLE and GPU Improper Input Validation Vulnerability <a href="https://www.cve.org/CVERecord?id=CVE-2025-6558" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cve.org/CVERecord?id=CVE-2025-</span><span class="invisible">6558</span></a> </p><p>- CVE-2025-2776: SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability <a href="https://www.cve.org/CVERecord?id=CVE-2025-2776" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cve.org/CVERecord?id=CVE-2025-</span><span class="invisible">2776</span></a> </p><p>- CVE-2025-2775: SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=&field_date_added_wrapper=all&sort_by=field_date_added&items_per_page=20" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cisa.gov/known-exploited-vulne</span><span class="invisible">rabilities-catalog?search_api_fulltext=&field_date_added_wrapper=all&sort_by=field_date_added&items_per_page=20</span></a> <a href="https://infosec.exchange/tags/CISA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISA</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Google</span></a> <a href="https://infosec.exchange/tags/SharePoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharePoint</span></a> <a href="https://infosec.exchange/tags/Chromium" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chromium</span></a> <a href="https://infosec.exchange/tags/CrushFTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CrushFTP</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a></p>