CVE-2025-54897: 
vulnerability analysis and mitigation

CVE-2025-54897 is a Remote Code Execution (RCE) vulnerability discovered in Microsoft Office SharePoint. The vulnerability was disclosed on September 9, 2025, affecting multiple versions of SharePoint including SharePoint Server 2019, 2016 Enterprise, and SharePoint Server Subscription Edition up to version 16.0.19127.20100. The vulnerability stems from deserialization of untrusted data in Microsoft Office SharePoint (NVD).

The vulnerability has been assigned a CVSSv3 score of 8.8 HIGH with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The flaw is related to deserialization of untrusted data (CWE-502) and requires authentication for exploitation, though privileged accounts such as admin or other elevated privileges are not necessary (NVD, Tenable Blog).

A successful exploitation of this vulnerability would allow an authenticated attacker to execute arbitrary code over a network on a vulnerable SharePoint Server. The attacker could either write arbitrary code or use code injection to execute code on the affected system (Tenable Blog).

Microsoft has released security updates to address this vulnerability. The fixes are available in build 16.0.19127.20100 for SharePoint Server Subscription Edition and build 16.0.10417.20047 for SharePoint Server 2019. Users are advised to apply these security updates through Microsoft Update, Microsoft Update Catalog, or Microsoft Download Center (Microsoft Support).