Description of the security update for SharePoint Server Subscription Edition: August 12, 2025 (KB5002773)

Summary 

This security update resolves a Microsoft SharePoint elevation of privilege vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2025-53760.

Improvements and fixes

This security update contains improvements and fixes for the following nonsecurity issues in SharePoint Server Subscription Edition:

• Improves the People Picker Search experience.

• Improves the performance of new hybrid search.

• Registers Microsoft.Data.SqlClient as the SQL provider in SharePoint Search Service.

• Replaces the legacy SQL library with Microsoft.Data.SqlClient in SharePoint Workflow Manager.

• Adds a new toggle option in the property pane that lets users hide the command bar of list or document library web parts.

• Adds a warning when deleting a Cloud Search Service Application (Cloud SSA) if users have not verified that the hybrid indexes are removed.

• Fixes some GB18030 character set rendering issues.

• Fixes the LanguageSynchronization timer job execution failure.

• Fixes an issue in which Excel previews are not displayed in SharePoint search results.

• Fixes an issue in which the NodeRunner.exe process stops responding and generates a System.AccessViolationException.

• Fixes an issue in which filtering a Managed Metadata column breaks the filter functionality for other columns.

• Fixes an issue in which you cannot copy or move files to a folder that contains Private Use Area (PUA) characters.

• Fixes an issue in which an External List that's based on a Business Data Connectivity (BDC) connection does not display data.

• Fixes an issue in which clearing a filter on a column prevents subsequent filter clearing operations on the remaining columns.

• Fixes an issue in which the Editor field might update incorrectly when you move a file between document libraries.

• Fixes an issue in which you cannot open uploaded .one files after you install the March 11, 2025, update for SharePoint Server Subscription Edition (KB5002698).

• Fixes an issue in which the "Configure usage and health data collection" string is not localized in Simplified Chinese (zh-CN) on the SharePoint Central Administration page.

• Fixes an issue in which the published date on modern pages in Communication Sites is incorrectly displayed in US date format if a different regional format is expected.

• Fixes an issue in which Data Loss Prevention (DLP) policy tip and Override and Report actions might not work in subsites of site collections that are not at the root of a web application.

• Fixes an issue in which users cannot use Business Connectivity Services (BCS) together with the DotNetAssembly or WebService system type, because these system types are not enabled by default.
  
  ​​​​​​​To support BDC models that are based on the DotNetAssembly or WebService system type, you can enable the support by running the following commands in SharePoint Management Shell if you trust your BDC models:
  
  $farm = Get-SPFarm
  $farm.ServerDebugFlags.Add(57007)
  $farm.ServerDebugFlags.Add(57008)
  $farm.update()
  iisreset

Known issues in this update

After you install this update, you may experience an issue when you configure calendar overlay settings. For more information, see "Invalid EWS URL: <url>" error in Overlay settings in CalendarService.ashx (KB5064829). 

How to get and install the update

More information

Information about protection and security

Protect yourself online: Windows Security support

Learn how we guard against cyber threats: Microsoft Security​​​​​​​