Cyber Resilience

CVE-2025-54897

HighRCE

Published: 09 September 2025

Published
09 September 2025
Modified
12 September 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.3185 96.9th percentile
Risk Priority 37 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-54897 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Microsoft Sharepoint Server. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 3.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-54897 is a deserialization of untrusted data vulnerability, tracked under CWE-502, that affects Microsoft Office SharePoint. The flaw carries a CVSS 3.1 base score of 8.8 and permits remote code execution when an attacker supplies crafted serialized data to the affected component.

An authorized attacker with network access can exploit the issue without user interaction to achieve full code execution, resulting in complete compromise of confidentiality, integrity, and availability on the target SharePoint server.

The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54897 supplies official mitigation guidance and patch information. The associated EPSS score has remained flat at 0.3185 since disclosure, indicating no material increase in observed exploitation interest.

EU & UK References

Vulnerability details

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Deserialization flaw in SharePoint directly enables unauthenticated RCE over the network on a public-facing server application, mapping cleanly to T1190.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-26114Same product: Microsoft Sharepoint Server
CVE-2025-59237Same product: Microsoft Sharepoint Server
CVE-2026-20963Same product: Microsoft Sharepoint Server
CVE-2026-35439Same product: Microsoft Sharepoint Server
CVE-2026-40357Same product: Microsoft Sharepoint Server
CVE-2026-33112Same product: Microsoft Sharepoint Server
CVE-2026-40368Same product: Microsoft Sharepoint Server
CVE-2025-49712Same product: Microsoft Sharepoint Server
CVE-2026-45659Same product: Microsoft Sharepoint Server
CVE-2025-53770Same product: Microsoft Sharepoint Server

Affected Assets

microsoft
sharepoint server
2016, 2019 · ≤ 16.0.19127.20100

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the deserialization vulnerability by requiring timely identification, reporting, and patching of the specific flaw in Microsoft Office SharePoint.

prevent

Prevents exploitation of untrusted data deserialization by enforcing comprehensive input validation and error handling at SharePoint's network interfaces.

prevent

Addresses remote code execution from deserialization by implementing memory protections that restrict unauthorized code execution in vulnerable processes.

References