Cyber Resilience

CVE-2025-59228

High

Published: 14 October 2025

Published
14 October 2025
Modified
28 October 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0025 48.3th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-59228 is a high-severity Improper Input Validation (CWE-20) vulnerability in Microsoft Sharepoint Server. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 48.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-59228 is an improper input validation vulnerability affecting Microsoft Office SharePoint. Published on 2025-10-14T17:16:03.747, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-20 (Improper Input Validation), with additional NVD-CWE-noinfo classification.

An authorized attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction required (UI:N). Successful exploitation enables arbitrary code execution in the context of the SharePoint service, resulting in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H) without scope change (S:U).

Microsoft's advisory provides guidance on this vulnerability at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59228.

EU & UK References

Vulnerability details

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

CVE enables remote code execution via improper input validation in Microsoft Office SharePoint, a public-facing web application, directly mapping to exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-21344Same product: Microsoft Sharepoint Server
CVE-2026-26106Same product: Microsoft Sharepoint Server
CVE-2026-32201Same product: Microsoft Sharepoint Server
CVE-2025-21348Same product: Microsoft Sharepoint Server
CVE-2026-26114Same product: Microsoft Sharepoint Server
CVE-2026-20951Same product: Microsoft Sharepoint Server
CVE-2026-20947Same product: Microsoft Sharepoint Server
CVE-2025-59237Same product: Microsoft Sharepoint Server
CVE-2025-54897Same product: Microsoft Sharepoint Server
CVE-2026-20963Same product: Microsoft Sharepoint Server

Affected Assets

microsoft
sharepoint server
2016, 2019 · ≤ 16.0.19127.20262

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly implements information input validation mechanisms to prevent exploitation of the improper input validation vulnerability in Microsoft Office SharePoint.

prevent

Requires timely flaw remediation, including patching CVE-2025-59228 as directed by Microsoft's advisory, to eliminate the specific vulnerability.

prevent

Provides memory protection safeguards that mitigate arbitrary code execution even if invalid input bypasses validation in the SharePoint service.

References