Remote Code Execution Vulnerability in Microsoft Purview eDiscovery
CVE-2025-64676

7.2HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Purview
Vendor: CVE Published:; 18 December 2025

What is CVE-2025-64676?

A vulnerability in Microsoft Purview eDiscovery allows an authorized attacker to execute arbitrary code remotely across a network. This flaw could be exploited to gain unauthorized access to sensitive data and perform potentially harmful actions without the user's consent, thereby impacting the overall security posture of affected systems. It is vital for organizations using this product to implement appropriate security measures and stay informed about available patches to mitigate associated risks.

Affected Version(s)

Microsoft Purview Unknown

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2025
Vulnerability Reserved
Nov 6, 2025

JSON