CVE-2025-54905: CWE-822: Untrusted Pointer Dereference in Microsoft SharePoint Enterprise Server 2016
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
AI Analysis
Technical Summary
CVE-2025-54905 is a vulnerability classified under CWE-822 (Untrusted Pointer Dereference) affecting Microsoft SharePoint Enterprise Server 2016, specifically version 16.0.0. The issue arises from improper handling of pointers within Microsoft Office Word components integrated with SharePoint, allowing an attacker with local access to dereference untrusted pointers. This can lead to unauthorized disclosure of sensitive information stored or processed locally and may also cause denial of service conditions by crashing the application or server processes. The vulnerability does not require any privileges but does require user interaction, such as opening a malicious document or triggering a crafted action within Word integrated into SharePoint. The CVSS v3.1 score of 7.1 reflects a high severity due to the combination of local attack vector, low attack complexity, no privileges required, and high impact on confidentiality and availability. Although no public exploits are known at this time, the vulnerability poses a significant risk to environments where SharePoint 2016 is deployed, especially in scenarios where users have local access to systems hosting SharePoint or where Word documents are processed. The lack of an official patch at the time of disclosure necessitates immediate mitigation strategies to reduce exposure.
Potential Impact
For European organizations, the vulnerability could lead to unauthorized disclosure of sensitive corporate or personal data stored or processed via SharePoint Enterprise Server 2016. This is particularly critical for sectors handling confidential information such as finance, healthcare, and government. The availability impact could disrupt business continuity by causing service outages or application crashes, affecting collaboration and document management workflows. Since exploitation requires local access and user interaction, insider threats or compromised endpoints pose the greatest risk. Organizations with remote or hybrid workforces may face increased exposure if endpoint security is insufficient. The confidentiality breach could lead to regulatory non-compliance under GDPR, resulting in legal and financial penalties. Additionally, the disruption of SharePoint services could impact productivity and operational efficiency.
Mitigation Recommendations
Given the absence of an official patch, European organizations should implement strict local access controls to SharePoint servers and endpoints running Microsoft Office Word. Employ application whitelisting and endpoint protection solutions to detect and block suspicious document activities. Enforce least privilege principles to limit user permissions on SharePoint servers and workstations. Educate users on the risks of opening untrusted documents and implement robust email filtering to reduce phishing vectors. Monitor system logs and SharePoint activity for unusual behavior indicative of exploitation attempts. Consider isolating SharePoint servers from direct user access or using virtual desktop infrastructure (VDI) to limit local exposure. Once Microsoft releases a patch, prioritize its deployment in all affected environments. Regularly update and audit security configurations to ensure compliance with best practices.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: microsoft
- Date Reserved: 2025-07-31T18:54:19.612Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68c071e3ce6ed8307545ba79
Added to database: 9/9/2025, 6:28:51 PM
Last enriched: 12/23/2025, 9:37:10 PM
Last updated: 2/7/2026, 5:25:21 AM