CVE-2025-49712: Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

high8.8CVSS 3.1

AVNACLPRLUINSUCHIHAH

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

6 ranges

Vendor	Product	Version range	Fixed in
microsoft	microsoft_sharepoint_enterprise_server_2016	>= 16.0.0 < 16.0.5513.1002	16.0.5513.1002
microsoft	microsoft_sharepoint_server_2019	>= 16.0.0 < 16.0.10417.20041	16.0.10417.20041
microsoft	sharepoint_server	—	—
microsoft	sharepoint_server	—	—
msrc	microsoft_sharepoint_enterprise_server_2016	—	—
msrc	microsoft_sharepoint_server_2019	—	—