CVE-2025-62204 - Vulnerability Details - OpenCVE

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Office Sharepoint Server Sharepoint Enterprise Server 2016 Sharepoint Server Sharepoint Server 2019

No data.

No data.

References

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62204

History

Wed, 12 Nov 2025 12:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft Microsoft office Sharepoint Server Microsoft sharepoint Enterprise Server 2016 Microsoft sharepoint Server Microsoft sharepoint Server 2019
Vendors & Products		Microsoft Microsoft office Sharepoint Server Microsoft sharepoint Enterprise Server 2016 Microsoft sharepoint Server Microsoft sharepoint Server 2019

Tue, 11 Nov 2025 18:15:00 +0000

Type	Values Removed	Values Added
Description		Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Title		Microsoft SharePoint Remote Code Execution Vulnerability
Weaknesses		CWE-502
References		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62204
Metrics		cvssV3_1 `{'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}`

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2025-11-11T17:59:44.205Z

Updated: 2025-11-13T20:53:51.411Z

Reserved: 2025-10-08T20:10:09.346Z

Link: CVE-2025-62204

Vulnrichment

No data.

NVD

Status : Undergoing Analysis

Published: 2025-11-11T18:15:45.513

Modified: 2025-11-12T16:19:12.850

Link: CVE-2025-62204

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-62204", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2025-10-08T20:10:09.346Z", "datePublished": "2025-11-11T17:59:44.205Z", "dateUpdated": "2025-11-13T20:53:51.411Z"}, "containers": {"cna": {"title": "Microsoft SharePoint Remote Code Execution Vulnerability", "datePublic": "2025-11-11T08:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.5526.1001"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.10417.20068"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.19127.20338"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft SharePoint Enterprise Server 2016", "platforms": ["x64-based Systems"], "versions": [{"version": "16.0.0", "lessThan": "16.0.5526.1001", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SharePoint Server 2019", "platforms": ["x64-based Systems"], "versions": [{"version": "16.0.0", "lessThan": "16.0.10417.20068", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SharePoint Server Subscription Edition", "platforms": ["x64-based Systems"], "versions": [{"version": "16.0.0", "lessThan": "16.0.19127.20338", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-502: Deserialization of Untrusted Data", "lang": "en-US", "type": "CWE", "cweId": "CWE-502"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-11-13T20:53:51.411Z"}, "references": [{"name": "Microsoft SharePoint Remote Code Execution Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62204"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-06T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-62204"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-12T04:57:25.593Z"}}]}}