PT-2025-36863 · Microsoft · Sharepoint Server

Zcgonvhs Cat Vanilla

Published

2025-09-09

Updated

2026-06-08

CVE-2025-54897

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Server Subscription Edition (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified)

Description An issue exists in the deserialization mechanism of Microsoft Office SharePoint. Deserialization is the process of converting a stream of bytes back into an object. This flaw allows an authorized attacker to execute arbitrary code remotely over a network by providing untrusted data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

RCE

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

BDU:2025-11034

CVE-2025-54897

Affected Products

Sharepoint Server

PT-2025-36863 · Microsoft · Sharepoint Server

CVE-2025-54897

Weakness Enumeration

Related Identifiers

Affected Products

References · 11