SharePoint security fixes released with November 2025 PU and offered through Microsoft Update

Stefan Goßner - November 11, 2025 - 9 Comments

Important: If your current farm patch level is September 2025 CU, remove the NT Authoritysystem account from WSS_WPG and IIS_IUSRS local security groups of the SharePoint machines – otherwise installing the SharePoint fixes will fail.

For more details check this article: Trending Issue: SharePoint fixes fail to install after installation of September 2025 CU

Below are the security fixes for the SharePoint OnPrem versions released this month.

SharePoint Server 2016:

KB 5002805 – SharePoint Server 2016 (language independent)

Microsoft Support recommends to install the complete November 2025 CU for SharePoint 2016 rather than individual security fixes.

SharePoint Server 2019:

KB 5002803 – SharePoint Server 2019 (language independent)

Microsoft Support recommends to install the complete November 2025 CU for SharePoint 2019 rather than individual security fixes.

SharePoint Server Subscription Edition:

KB 5002800 – SharePoint Server Subscription Edition

This security fix is identical with November 2025 CU for SharePoint Server Subscription Edition.

Office Online Server:

KB 5002801 – Office Online Server

More information:

KB 5071102 – November 2025 updates for Microsoft Office

Please ensure to have a look at the SharePoint Patching Best Practices before applying new fixes.

Security Vulnerabilities fixed in this PU

Vulnerability	SP 2016	SP 2019	SP SE	OOS	Impact	Max Severity
CVE-2025-60726				x	Information Disclosure	Important
CVE-2025-60727				x	Remote Code Execution	Important
CVE-2025-62200				x	Remote Code Execution	Important
CVE-2025-62201				x	Remote Code Execution	Important
CVE-2025-62202				x	Information Disclosure	Important
CVE-2025-62203				x	Remote Code Execution	Important
CVE-2025-62204	x	x	x		Remote Code Execution	Important

See the Security Update Guide below for more details about the relevant fixes:

Security Update Guide

9 Comments

Simon
On 18. November 2025 Permalink

We have SharePoint SE server – single server Farm (October 2025 CU). Everything seems to work OK.
I have a problem with SharePoint November CU update. Install and configuration is working without errors, but server is broken afterwards.
I have a problem with removing Local service account from SharePoint server, because SharePoint Administration service is running as Local service account. I changed all other SharePoint services to run as domain accounts (as written in
https://blog.stefan-gossner.com/2025/09/11/trending-issue-sharepoint-fixes-fail-to-install-after-installation-of-september-2025-cu/)
I really don’t know what should I do…..
Any help would be appreciated.
Thanks.

Reply
1. Stefan Goßner
  On 18. November 2025 Permalink
  
  Hi Simon,
  if the installation completed without an error, you are fine and don’t have to bother about the local system account.
  What do you mean with “broken”?
  Cheers,
  Stefan
  
  Reply
2. Mattias
  On 20. November 2025 Permalink
  
  Hi Simon!
  
  One of the single server SharePoint SE farms I am managing “broke” after patching with October CU last month. And by broke I mean that when accessing CA or root-site on web application I got 500 internal server error. For me, both the installation of binaries and PS-config went thru without any error at all. After extensive troubleshooting that ended up with a ticket to MS we found out that the SPRequestFilterModule in IIS was empty.
  
  The description of the issue and the solution is described in this article by Stefan:
  https://blog.stefan-gossner.com/2023/10/17/trending-issue-module-sprequestfiltermodule-could-not-be-found-after-september-october-2023-cu/
  
  I hope you have the same issue that I had, and that this helps.
  
  Regards
  Mattias
  
  Reply
  1. carl
    On 25. November 2025 Permalink
    
    Same happened on one of mine (july CU to nov CU jump) – seems strange for an issue almost 2 years old.
    
    Reply
    1. Stefan Goßner
      On 25. November 2025 Permalink
      
      Hi Carl,
      no this is not strange. It happens if you disabled AMSI in the past. Since September CU AMSI is always enabled and cannot be disabled.
      So AMSI configuration problems will now suddenly show up if they were not resolved before.
      Cheers,
      Stefan
      
      Reply
      1. Mattias
        On 25. November 2025 Permalink
        
        Hi!
        
        Just to add to your comment Stefan, AMSI was configured and enabled on full mode for the environment I had the issue.
        
        Regards
        Mattias
3. Simon
  On 11. December 2025 Permalink
  
  I installed December updated and everything works OK!!!
  So, I think that the problem was in November update.
  
  Regards,
  
  Simon
  
  Reply
Lukasz Walkowicz
On 9. December 2025 Permalink

We observe intermittent bursts of “A process serving application pool ‘APP POOL NAME’ suffered a fatal communication error with the Windows Process Activation Service” System Error 5011 on our minrole WFE with DC servers. This sometimes exceeds 10 times within 5 minutes interval and therefore triggers the Rapid-Fail on the app pool, causing 503 for the users. Since the timings are totally random (day or night) and process IDs are different each time it is rather hard to pinpoint exact cause for this.

Reply
1. Stefan Goßner
  On 9. December 2025 Permalink
  
  Hi Lukasz,
  there is a large number of possibilities which can cause this.
  I would suggest to open a support case with Microsoft to get this analyzed.
  Cheers,
  Stefan
  
  Reply

Share this:

9 Comments

Leave a Reply Cancel reply