CVE-2025-29793: 
vulnerability analysis and mitigation

A deserialization of untrusted data vulnerability in Microsoft Office SharePoint was identified and disclosed on April 8, 2025. The vulnerability, tracked as CVE-2025-29793, affects multiple versions of SharePoint including SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016 (Microsoft Support).

The vulnerability is classified as a remote code execution vulnerability with a CVSS v3.1 base score of 7.2 (High). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring high privileges (PR:H) and no user interaction (UI:N). The scope is unchanged (S:U) with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). The vulnerability is categorized under CWE-502 (Deserialization of Untrusted Data) (NVD).

The vulnerability allows an authorized attacker to execute code over a network through the deserialization of untrusted data in Microsoft Office SharePoint. This could potentially lead to remote code execution on affected systems (NVD).

Microsoft has released security updates to address this vulnerability. The fixes are available through Microsoft Update, Microsoft Update Catalog, and Microsoft Download Center. For SharePoint Server Subscription Edition, the update is KB5002705, for SharePoint Server 2019, it's KB5002691, and for SharePoint Enterprise Server 2016, it's KB5002692. The updates include enhanced security and validation mechanisms in authentication processes (Microsoft Support).