Threat Advisories - NVD Disclosed July 8, 2025

CVE-2025-48384

Git Configuration Vulnerability May Allow Unauthorized Code Execution.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Git's configuration handling could allow unintended script execution. This occurs when a submodule path is altered due to special characters, potentially triggering a hook script if specific local conditions are met. This presents a business risk of unauthorized code execution. <character_count>: 265

NVD published: July 8, 2025 • CISA KEV

CVE advisoryKnown Exploit

CVE-2025-49706

Microsoft SharePoint Authentication Bypass

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

Microsoft SharePoint has an authentication flaw allowing unauthorized network spoofing, potentially exposing sensitive data. This issue is actively exploited, posing a business risk. Organizations should identify exposed assets and apply vendor fixes.

NVD published: July 8, 2025 • CISA KEV

CVE advisoryKnown Exploit

CVE-2025-49704

SharePoint Server Code Injection Vulnerability Allows Network Code Execution.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An authorized attacker can exploit a code injection vulnerability in Microsoft Office SharePoint to execute code over a network. This impacts affected organizations by potentially compromising systems and data. The realistic business risk involves unauthorized code execution.

NVD published: July 8, 2025 • CISA KEV