Office365 CVE-2025-47163

EUVD-2025-17736 | HIGH | CVSS 3.1: 8.8
Deserialization of Untrusted Data (CWE-502)
2025-06-10 secure@microsoft.com

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (6 events)

Analysis Updated: Apr 16, 2026 - 06:41 (EUVD-patch-fix; executive_summary)
Re-analysis Queued: Apr 16, 2026 - 05:29 (backfill_euvd_patch; patch_released)
Patch available: Apr 16, 2026 - 05:29 (EUVD; 16.0.18526.20396, 16.0.10417.20018, 16.0.5504.1001)
EUVD ID Assigned: Mar 14, 2026 - 19:49 (euvd; EUVD-2025-17736)
Analysis Generated: Mar 14, 2026 - 19:49 (vuln.today)
CVE Published: Jun 10, 2025 - 17:23 (nvd; HIGH 8.8)

Description (NVD)

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Analysis (AI)

A high-severity deserialization vulnerability in Microsoft Office SharePoint allows authenticated attackers to execute arbitrary code remotely without user interaction. The vulnerability affects SharePoint environments where untrusted data is deserialized, enabling network-based code execution with high impact to confidentiality, integrity, and availability. While no public exploit code has been confirmed in open intelligence sources, the CVSS 8.8 rating and low attack complexity suggest this is a high-priority patch for all affected organizations.

Technical Context (AI)

This vulnerability stems from CWE-502 (Deserialization of Untrusted Data), a well-known weakness class in which, here, SharePoint server-side components fail to properly validate or sanitize serialized objects before deserialization. Microsoft Office SharePoint likely uses .NET serialization (BinaryFormatter, NetDataContractSerializer, or similar) for inter-component communication or data persistence. An attacker with valid SharePoint credentials can craft malicious serialized payloads that, when deserialized by the server, instantiate dangerous object chains leading to arbitrary code execution. This is particularly severe in SharePoint because the service runs with elevated privileges and often has access to backend databases and external resources. The vulnerability requires only low privileges (PR:L) and no user interaction (UI:N), meaning it can be triggered programmatically via SharePoint APIs or web services.

Remediation (AI)

Immediate remediation steps:

(1) Apply the latest security patch from Microsoft for your SharePoint version immediately; Microsoft typically releases cumulative updates (CUs) and security updates (SUs) monthly.
(2) Verify patch installation by checking build numbers against Microsoft's official guidance.
(3) If immediate patching is not possible, restrict network access to SharePoint services using firewall rules and network segmentation to limit exposure to trusted users and systems only.
(4) Disable or restrict access to SharePoint REST APIs and SOAP web services if not required for business operations.
(5) Enforce multi-factor authentication (MFA) for all SharePoint user accounts to reduce the risk of credential compromise enabling the attack.
(6) Monitor SharePoint logs and application insights for suspicious deserialization patterns, unusual object instantiation, or authentication anomalies.

Consult Microsoft's official advisory and KB article (search 'CVE-2025-47163' on Microsoft Security Update Guide or MSRC portal) for specific patch versions, build numbers, and validated remediation steps. Enterprise customers may reference their Microsoft support contract for prioritized guidance.
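Step (2) as an added example (not code from vuln.today or Microsoft): it compares installed SharePoint build numbers against the three fixed builds listed in this page's "Patch available" entry. The host names and inventory are constructed, and the mapping of build ranges to release branches is an assumption to confirm against Microsoft's guidance.

```python
from typing import NamedTuple

# Fixed builds copied from the "Patch available" entry on this page.
FIXED_BUILDS = ("16.0.18526.20396", "16.0.10417.20018", "16.0.5504.1001")

# ASSUMPTION (not stated on the page): each fixed build belongs to its own
# release branch, told apart by the third version component:
# >= 14326 Subscription Edition, 10000-14325 SharePoint 2019, below that 2016.
BRANCH_FLOORS = (14326, 10000, 0)  # descending order matters


class Verdict(NamedTuple):
    host: str
    installed: str
    required: str
    patched: bool


def parse_build(text: str) -> tuple:
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part build number: {text!r}")
    return tuple(int(p) for p in parts)


def branch_floor(build: tuple) -> int:
    return next(f for f in BRANCH_FLOORS if build[2] >= f)


def check(host: str, installed: str) -> Verdict:
    # On a farm server the installed value is (Get-SPFarm).BuildVersion.
    build = parse_build(installed)
    if build[:2] != (16, 0):
        raise ValueError(f"{host}: {installed} is outside the 16.0 builds listed")
    floor = branch_floor(build)
    required = next(f for f in FIXED_BUILDS if branch_floor(parse_build(f)) == floor)
    # Tuple comparison is numeric per component, unlike comparing the strings.
    return Verdict(host, installed, required, build >= parse_build(required))


def unpatched(inventory: dict) -> list:
    return [v for v in (check(h, b) for h, b in inventory.items()) if not v.patched]


# Constructed inventory for illustration; replace with real farm data.
INVENTORY = {"sp-a": "16.0.5500.1000", "sp-b": "16.0.10417.20018",
             "sp-c": "16.0.17928.20238", "sp-d": "16.0.18526.20396"}

if __name__ == "__main__":
    for v in unpatched(INVENTORY):
        print(f"{v.host}: {v.installed} is below fixed build {v.required}")
```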
