CVE-2025-54905: CWE-822: Untrusted Pointer Dereference in Microsoft SharePoint Enterprise Server 2016
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
AI Analysis
Technical Summary
CVE-2025-54905 is a vulnerability classified under CWE-822 (Untrusted Pointer Dereference) affecting Microsoft SharePoint Enterprise Server 2016, specifically version 16.0.0. The flaw arises from improper handling of pointers within Microsoft Office Word components integrated with SharePoint, leading to dereferencing pointers that are not properly validated. This can be exploited by an unauthorized attacker with local access to the system who can trick a user into interacting with a maliciously crafted document. The vulnerability enables disclosure of sensitive information locally and can also cause denial of service conditions, impacting system availability. The CVSS v3.1 base score is 7.1, indicating high severity, with attack vector local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), and user interaction required (UI:R). The scope remains unchanged (S:U), and the impact is high on confidentiality (C:H) and availability (A:H), but none on integrity (I:N). No known exploits are currently in the wild, and no patches have been released yet. The vulnerability was reserved in late July 2025 and published in early September 2025. The issue stems from unsafe pointer dereferencing, which can lead to memory corruption or leakage of sensitive data stored in memory. Since SharePoint is widely used in enterprise environments for document management and collaboration, this vulnerability poses a risk of local data exposure and service interruption if exploited.
Potential Impact
For European organizations, the impact of CVE-2025-54905 can be significant, especially for those relying heavily on Microsoft SharePoint Enterprise Server 2016 for document management and collaboration. The vulnerability allows unauthorized local attackers to disclose sensitive information, potentially exposing confidential business data or personal information protected under GDPR. Additionally, the ability to cause denial of service can disrupt business operations, affecting availability of critical document repositories and collaboration platforms. This can lead to operational downtime, loss of productivity, and reputational damage. Since the attack requires local access and user interaction, insider threats or compromised endpoints pose a higher risk. Organizations in sectors such as finance, healthcare, government, and critical infrastructure, which often use SharePoint extensively, may face compliance and operational risks. The lack of available patches increases the window of exposure until mitigations or updates are deployed.
Mitigation Recommendations
1. Apply official patches or updates from Microsoft as soon as they become available to address this vulnerability.
2. Restrict local access to systems running SharePoint Enterprise Server 2016 to trusted users only, minimizing the risk of unauthorized local exploitation.
3. Implement strict endpoint security controls, including application whitelisting and behavior monitoring, to detect and prevent execution of malicious documents.
4. Educate users about the risks of opening untrusted or unexpected Office documents, emphasizing the need for caution with local files.
5. Use network segmentation to isolate SharePoint servers and limit lateral movement in case of compromise.
6. Monitor logs and system behavior for signs of memory corruption or unusual application crashes that could indicate exploitation attempts.
7. Employ Data Loss Prevention (DLP) tools to detect and prevent unauthorized data exfiltration from SharePoint environments.
8. Consider upgrading to newer, supported versions of SharePoint with improved security controls if feasible.
9. Regularly back up SharePoint data and test recovery procedures to mitigate impact of denial of service or data corruption.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: microsoft
- Date Reserved: 2025-07-31T18:54:19.612Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 68c071e3ce6ed8307545ba79
Added to database: 9/9/2025, 6:28:51 PM
Last enriched: 11/27/2025, 4:29:38 AM
Last updated: 12/14/2025, 6:00:06 AM