CVE-2025-47166

HIGH

Microsoft Sharepoint Enterprise Server - Insecure Deserialization

Title source: rule

Description

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Exploits (1)

exploitdb WORKING POC
by nu11secur1ty · textremotewindows
https://www.exploit-db.com/exploits/52349

References (1)

Scores

CVSS v3 8.8
EPSS 0.0857
EPSS Percentile 92.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-502
Status published

Affected Products (3)

microsoft/sharepoint_enterprise_server
microsoft/sharepoint_server < 16.0.18526.20396
microsoft/sharepoint_server

Timeline

Published Jun 10, 2025
Tracked Since Feb 18, 2026