~/cve/CVE-2025-30378

pipeline liveDigest Docs

CVE-2025-30378

published 2025-05-13

CVE-2025-30378: Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

high7CVSS 3.1

AVLACHPRNUIRSUCHIHAH

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

Affected

9 ranges

Vendor	Product	Version range	Fixed in
microsoft	microsoft_sharepoint_enterprise_server_2016	>= 16.0.0 < 16.0.5500.1001	16.0.5500.1001
microsoft	microsoft_sharepoint_server_2019	>= 16.0.0 < 16.0.10417.20010	16.0.10417.20010
microsoft	microsoft_sharepoint_server_subscription_edition	>= 16.0.0 < 16.0.18526.20286	16.0.18526.20286
microsoft	sharepoint_server	< 16.0.18526.20286	16.0.18526.20286
microsoft	sharepoint_server	—	—
microsoft	sharepoint_server	—	—
msrc	microsoft_sharepoint_enterprise_server_2016	—	—
msrc	microsoft_sharepoint_server_2019	—	—
msrc	microsoft_sharepoint_server_subscription_edition	—	—