The product group released the September 2025 Cumulative Update for SharePoint Server Subscription Edition.
Monthly SharePoint Server Subscription edition updates are released as a single unified “uber” package containing both the language independent and language dependent fixes. Language independent and language dependent fixes will no longer be released separately. This is similar to the full server packages released for SharePoint 2013.
The KB article for September 2025 CU will be available at the following location in a couple of hours:
- KB 5002784 – September 2025 Update for SharePoint Server Subscription Edition
This is also a security update!
The download for September 2025 CU is available through the following link:
It is irrelevant which language you pick on the drop down in download center. It will always download the same package.
After installing the fix you need to run the SharePoint Products Configuration Wizard on each machine in the farm. If you prefer to run the command line version psconfig.exe ensure to have a look here for the correct options.
Please ensure to have a look at the SharePoint Patching Best Practices before applying new fixes.
SharePoint Server Subscription Edition September 2025 CU Build Number: 16.0.19127.20100
Important: To minimize the installation time for SharePoint Server Subscription Edition Fixes, please follow the guidance in the following article: Solving the extended install time for SPSE CUs
Related Links:
- Learn: 25H1 Feature Update for SharePoint Server Subscription Edition
- Learn: Updated Product Servicing Policy for SharePoint Server Subscription Edition
- Learn: FAQs for SharePoint Server Subscription Edition product servicing policy
- Blog: SharePoint Patching Best Practices
- Blog: SharePoint Patching demystified
- Blog: Why I prefer PSCONFIGUI.EXE over PSCONFIG.EXE
- Technet: Update Center for Microsoft Office, Office Servers, and Related Products
- Blog: SharePoint Server 2016 Zero-Downtime Patching Demystified (applies also to SharePoint Server 2019)
- Blog: SharePoint does not have a build version. Full Stop.
- Blog: Solving the extended install time for SPSE CUs
Permalink
Hi,
After installing the CU the Config Wizard failed on 2 of my farms with the following error message:
An exception of type System.InvalidOperationException was thrown. Additional exception information: Cannot start service SPAdminV4 on computer ‘.’.
When I looked in the Services, SharePoint Administration was not running, and I couldn’t get it to start. By each try I got almost instant the error message ‘Error 1053: The service did not respond to the start or control request in a timely fashion.’.
In the Event Viewer under Windows Logs -> Application I found some additional information:
Faulting application name: WSSADMIN.EXE, version: 16.0.19127.20100, time stamp: 0xcb8febdd
Faulting module name: PayloadRestrictions.dll, version: 10.0.26100.1150, time stamp: 0x19def02b
Exception code: 0xc0000005
Fault offset: 0x000000000004ce2b
Faulting process id: 0x1E2C
Faulting application start time: 0x1DC230D7811AE8E
Faulting application path: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\BIN\WSSADMIN.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\PayloadRestrictions.dll
Report Id: 74a29f0a-2d99-4b51-a464-f3ca394fc992
Faulting package full name:
Faulting package-relative application ID:
After some research on the internet, I found out, that this might be a Defender problem. So, I noticed that in Windows Security under “App & browser control” -> “Exploit protection settings” -> “Program settings” a new custom rule for WSSADMIN.EXE was added. Prior to the update the rule wasn’t there.
Now I have found out 2 ways to fix the problem. Method 1 is to just delete the custom rule. Method 2 is to change the rule, overwrite all system settings in the list and then disable everything. Afterwards the service did start, and another run of the Config Wizard made the server compliant again. The rule does not get added back luckily.
So maybe there are exceptions missing in the custom rule that prevent the service from starting?
Versions:
SharePoint SE (upgraded from August 2025 CU to September 2025 CU), early release
Windows Server 2025
SQL Server 2022 (running on Windows Server 2025)
Permalink
Hi Simon,
the crash seems to occur in an injected dll owned by Windows Defender.
It would be great if please open a support case for this to allow us to investigate this issue!
Cheers,
Stefan
Permalink
Had the same error: SharePoint Administration failed to start, blocked by Windows Exploit Protection. After changing the rule and disable everything, the Windows Service started again. So I was able to get Search to work again (it stucked on Administrative status: “Paused for:External request”).
Windows Server 2022, Build 26100.4946 (24H2, August CU).
Permalink
Hi Benjamin,
please open a ticket for this with Microsoft Support to allow us to investigate.
Cheers,
Stefan
Permalink
Hi Stefan,
After applying this update on our Acceptance environment the Central Admin homepage doesn’t load. Navigating to deeper CA sites works fine however.
See screenshot:
https://ibb.co/4gd37DV9
Permalink
Hi Martijn,
this is not a known issue. Did you run the SharePoint Configuration Wizard after applying the fix?
Cheers,
Stefan
Permalink
Nevermind. This seems to be caused by the fact that there is no MS Edge on the server, the Central Admin opens in Internet Explorer which I’m sure is not supported anymore.
I opened the CA from anther server with Edge and then the CA loads fine. I’ll ask the server admins to install Edge on the SharePoint servers.
Thanks for your quick reply.
Permalink
Hello everyone!
We’re experiencing a similar issue with a new installation of SP SE with the September CU.
Everything works fine in Edge, but in IE 11 (the default), the main page isn’t displaying.
Permalink
Hi Sergey,
The default browser for SPSE should be Edge.
I would recommend to adjust.
Cheers,
Stefan
Permalink
Error 500 due to SPRequestFilterModule in web.config:
The following line was added to our web.config following the Sep 2025 update. Unfortunately, on my production multiserver farm, this seems to cause the front end web servers to error out with Error 500.
Microsoft Copilot referred me to this article from 2023, which indicates that we may need to register the module in application.config.
https://blog.stefan-gossner.com/2023/10/17/trending-issue-module-sprequestfiltermodule-could-not-be-found-after-september-october-2023-cu/
Permalink
Hi William,
did this article help?
If not, run this powershell command to check the configuration:
Test-DefenderAndAmsiWorkProperly
If there is no problem reported, please check the ULS log for the correlation ID of the 500 server error to check for more details.
Cheers,
Stefan
Permalink
Stefan,
The article was helpful.Registering the SPRequestFilterModule in application.config resolved the issue.
Permalink
Perfect! Thanks for the confirmation.
🙂
Permalink
I had the same issue on one of four servers, I assume this was caused because I only fixed it locally in the web.config before instead of in the applicationhost config.
Permalink
Ever since the July updates, I am getting tons of critical and error level events logged such as the one below:
The Execute method of job definition Microsoft.Office.Server.Search.Administration.QueryLogJobDefinition (ID 54ccc262-5145-4857-a3a8-78213b56e887) threw an exception. More information is included below.
Timeout expired. The timeout period elapsed prior to obtaining a connection from the pool. This may have occurred because all pooled connections were in use and max pool size was reached.. (Correlation=a282caa1-f536-f02c-73a3-4c64afd447ba)
These did not occur with the June updates. Any idea to the cause?
Permalink
Michael, I have the same issue. Also sometimes crawls hang because of this issue. Restarting the Service solves the issue usually for a few days.
Permalink
I can only encourage everyone affected to open a ticket with Microsoft Support – if not already done.