Cyber Posture

CVE-2025-59245

Critical · RCE

Published: 20 November 2025

Modified: 21 November 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0109 (78.2th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-59245 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Microsoft SharePoint Online. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 21.8% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-5 (Security Alerts, Advisories, and Directives).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent: Directly mandates timely remediation of the deserialization flaw in SharePoint Online through application of Microsoft patches and guidance.

prevent: Ensures receipt, dissemination, and implementation of security advisories from Microsoft's Security Response Center regarding this CVE.

prevent: Addresses CWE-502 by validating untrusted inputs before deserialization processing in SharePoint Online interactions.

MITRE ATT&CK Enterprise Techniques [AI]

T1190 · Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1068 · Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

CVE-2025-59245 is an unauthenticated remote deserialization vulnerability in public-facing SharePoint Online enabling exploitation for initial access (T1190) and privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Microsoft SharePoint Online Elevation of Privilege Vulnerability

Deeper analysis [AI]

CVE-2025-59245 is an Elevation of Privilege vulnerability affecting Microsoft SharePoint Online. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is linked to CWE-502, which involves deserialization of untrusted data. The vulnerability was published on 2025-11-20T23:15:52.253.

The vulnerability enables exploitation over the network by unauthenticated attackers with low attack complexity and no requirement for user interaction. Successful exploitation results in high impacts to confidentiality, integrity, and availability, allowing attackers to elevate privileges within the affected SharePoint Online environment.

Microsoft provides guidance on this vulnerability through its Security Response Center update guide, available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59245, which details recommended mitigations and patches.

Details

CWE(s)

Affected Products

microsoft · sharepoint online · all versions

CVEs Like This One

CVE-2025-53772 · Same vendor: Microsoft
CVE-2025-55232 · Same vendor: Microsoft
CVE-2025-59237 · Same vendor: Microsoft
CVE-2026-26114 · Same vendor: Microsoft
CVE-2025-59287 · Same vendor: Microsoft
CVE-2026-33819 · Same vendor: Microsoft
CVE-2026-20963 · Same vendor: Microsoft
CVE-2026-32192 · Same vendor: Microsoft
CVE-2026-21531 · Same vendor: Microsoft
CVE-2025-49712 · Same vendor: Microsoft
