CVE-2025-47166

HIGH

Microsoft Sharepoint Enterprise Server - Insecure Deserialization

Title source: rule

Description

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Exploits (1)

exploitdb WORKING POC
by nu11secur1ty · textremotewindows
https://www.exploit-db.com/exploits/52349

References (1)

Scores

CVSS v3 8.8
EPSS 0.1409
EPSS Percentile 94.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-502
Status published
Products (3)
microsoft/sharepoint_enterprise_server 2016
microsoft/sharepoint_server 2019
microsoft/sharepoint_server < 16.0.18526.20396
Published Jun 10, 2025
Tracked Since Feb 18, 2026