CVE-2025-47166: 
vulnerability analysis and mitigation

Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2025-47166) was disclosed as part of Microsoft's June 2025 Patch Tuesday security updates. The vulnerability was discovered and reported to Microsoft, with the CVE being created on May 1, 2025, and publicly disclosed on June 10, 2025 (Wiz).

The vulnerability involves deserialization of untrusted data in Microsoft Office SharePoint and is classified as a Remote Code Execution (RCE) vulnerability with a CVSS base score of 8.8 (HIGH). The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and requires low privileges. The vulnerability is associated with CWE-502 (Deserialization of Untrusted Data) (NVD, Wiz).

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the SharePoint application. Given the high CVSS score and the critical nature of SharePoint in enterprise environments, this poses a significant security risk to affected organizations (Wiz).

Microsoft has released security updates (KB5002729) to address this vulnerability as part of the June 2025 Patch Tuesday updates. Organizations running affected SharePoint Server installations are strongly advised to apply these security updates immediately. The update is available through Microsoft Update, Microsoft Update Catalog, and as a standalone package through the Microsoft Download Center (Microsoft Support).