Forwarded by Taiwan Computer Network Crisis Response and Coordination Center (TWCERTCC-200-202510-00000008)
[Description]
Microsoft SharePoint Server is an enterprise-class collaboration platform that provides document management and team collaboration features. It is the core platform for enterprise information integration. [CVE-2025-59228, CVSS: 8.8] This is an improper input validation vulnerability that could allow an authenticated attacker to execute code over the network. [CVE-2025-59237, CVSS: 8.8] This is an untrusted data deserialization vulnerability that could allow an authenticated attacker to execute code over the network.
[Affected Platforms]
● Microsoft SharePoint Enterprise Server 2016
● Microsoft SharePoint Server 2019
● Microsoft SharePoint Server Subscription Edition
[Recommended Action]
Patch according to the solution released on the official website:
[CVE-2025-59228]
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59228
[CVE-2025-59237]
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59237
[References]
https://www.twcert.org.tw/tw/cp-169-10446-b41fa-1.html
[Security Vulnerability Alert] Two major security vulnerabilities exist in Microsoft's SharePoint Server
Type:行政公告
Pubish Date:2025/10/20 至 2026/04/20
Visitors:115
返回列表
