
Redazione RHC : 21 November 2025 16:44
Microsoft has disclosed a critical vulnerability in SharePoint Online (discovered by RHC through our ongoing monitoring of critical CVEs on our portal), identified as CVE‑2025‑59245, with a CVSS v3.1 score of 9.8/10.
The flaw affects the deserialization of untrusted data (CWE‑502) and allows a remote attacker to gain elevation of privilege without requiring credentials or user interaction, putting data confidentiality, integrity, and availability at high risk.
The vulnerability stems from the deserialization of data from untrusted sources. An attacker can manipulate serialized objects that SharePoint Online deserializes insecurely in order to execute arbitrary code or elevate privileges. This allows administrative control over the platform, compromising documents, business flows, and sensitive data. The CVSS score reflects both the ease of exploitation and the severe impact on confidentiality, integrity, and availability.
SharePoint Online is a cloud service widely used by businesses, public administrations, and international organizations for document management and collaboration. A compromised tenant can lead to unauthorized data access, document manipulation, and operational disruptions, with potential legal and reputational consequences. The lack of authentication and user interaction requirements further increases the risk of remote exploitation.
The vulnerability was classified on NVD in September 2025 and officially published on November 20, 2025, with an update on November 21. Microsoft included it in its Security Update Guide, but no public exploits or patches were available at the time of publication. Because the service is cloud-based, mitigations and updates are managed directly by the provider, which makes it crucial for organizations to monitor the issue.
While SharePoint Online is a cloud service and Microsoft will apply server-side patches directly, organizations should remain vigilant. It is essential that they verify the health of their tenant, monitor for suspicious activity, and ensure access controls, privileges, and API integrations are properly configured. These measures reduce residual risk from misconfigurations or potential exploitation attempts prior to patching, thus ensuring the security of corporate data even in managed cloud environments.
CVE‑2025‑59245 highlights how critical enterprise cloud security is.
Rated 9.8 and remotely exploitable without authentication, the vulnerability poses a real threat to data confidentiality, integrity, and availability. Organizations and administrators must act immediately, implementing controls, mitigations, and constant monitoring to prevent unauthorized access and potential operational or reputational damage.