CVE-2025-47166

Опубликовано: 10 июн. 2025

Источник: msrc

CVSS3: 8.8

EPSS Низкий

Описание

Microsoft SharePoint Server Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

FAQ

How could an attacker exploit the vulnerability?

In a network-based attack, an authenticated attacker, who has a minimum of Site Member permissions (PR:L), could execute code remotely on the SharePoint Server.

Обновления

Продукт	Статья	Обновление
Microsoft SharePoint Enterprise Server 2016	5002732	Security Update
Microsoft SharePoint Server 2019	5002729	Security Update
Microsoft SharePoint Server Subscription Edition	5002736	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 67%

0.00562

Низкий

8.8 High

CVSS3

Связанные уязвимости

CVE-2025-47166

CVSS3: 8.8

nvd

8 дней назад

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

GHSA-jvcx-4h9f-wx33

CVSS3: 8.8

github

8 дней назад

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

EPSS

Процентиль: 67%

0.00562

Низкий

8.8 High

CVSS3