KB5002786: Fixes a hybrid search issue
Description of the security update for SharePoint Server Subscription Edition: October 14, 2025 (KB5002786)
This security update resolves a Microsoft SharePoint remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories:
- Microsoft Common Vulnerabilities and Exposures CVE-2025-59237.
- Microsoft Common Vulnerabilities and Exposures CVE-2025-59228.
Improvements and fixes
This security update introduces the SharePoint Server Subscription Edition Version 25H2 feature update. This feature update will be included in all SharePoint Server Subscription Edition public updates going forward. For more information about this feature update, see New and improved features in SharePoint Server Subscription Edition Version 25H2.
This security update contains improvements and fixes for the following nonsecurity issues in SharePoint Server Subscription Edition:
- Fixes a compatibility issue that occurs if the Business Data Connectivity (BDC) external list is hosted in an Oracle database.
- To resolve update installation issues, the Write permission is now denied by default for the WSS_WPG and IIS_IUSRS groups on the LAYOUTS folder.
- If you experience a break in workflow functionality within Classic Workflow Manager, you can restore operations by running the following commands in the SharePoint Management Shell:
    $farm = Get-SPFarm
    $farm.ServerDebugFlags.Add(53601)
    $farm.update()
    iisreset
- Fixes a hybrid search issue. You can now configure the search service account without needing the Local Administrator privilege.
- Adds missing assemblies that Microsoft.Data.SqlClient requires in SharePoint Workflow Manager.
- Fixes a navigation issue that prevents the TAB key from moving between web part sections.
- Adds encryption settings to handle an unattached content database.
- Fixes an issue in which the Search Query Logging timer job doesn't release the SQL connections to the Search LinksStore database.
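
To confirm the LAYOUTS folder permission change on a patched server, the following added example (not Microsoft's code) reads the folder ACL and reports any access rules that still grant Write to WSS_WPG or IIS_IUSRS. The `-LayoutsPath` parameter is a placeholder you supply for your farm, since this article does not state the folder path, and treating either an explicit Deny rule or the absence of an Allow rule as "denied" is an assumption.

```powershell
# Added example: audit Write access for WSS_WPG and IIS_IUSRS on the LAYOUTS folder.
param(
    # Placeholder: pass the LAYOUTS folder path of your farm (not given in the article).
    [Parameter(Mandatory)][string]$LayoutsPath,
    [string[]]$Groups = @('WSS_WPG', 'IIS_IUSRS')
)

# FileSystemRights.Write covers WriteData, AppendData, WriteAttributes and
# WriteExtendedAttributes. Raw GENERIC_WRITE / GENERIC_ALL bits are included because
# Get-Acl can surface them unmapped on inherit-only rules.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]::Write -bor
             0x40000000 -bor 0x10000000

$acl = Get-Acl -LiteralPath $LayoutsPath

foreach ($group in $Groups) {
    # Match on the account-name part so BUILTIN\IIS_IUSRS and <server>\WSS_WPG both resolve.
    $rules = @($acl.Access | Where-Object {
        ($_.IdentityReference.Value -split '\\')[-1] -eq $group
    })

    $allow = @($rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and (([int]$_.FileSystemRights -band $writeMask) -ne 0)
    })
    $deny = @($rules | Where-Object {
        $_.AccessControlType -eq 'Deny' -and (([int]$_.FileSystemRights -band $writeMask) -ne 0)
    })

    if ($deny.Count -gt 0) {
        $finding = 'Deny rule for Write present'
    } elseif ($allow.Count -gt 0) {
        $finding = 'REVIEW: Write allowed and no Deny rule'
    } else {
        $finding = 'No rule grants Write'
    }

    [pscustomobject]@{
        Group           = $group
        AllowWriteRules = $allow.Count
        DenyWriteRules  = $deny.Count
        InheritedOnly   = ($rules.Count -gt 0) -and -not ($rules | Where-Object { -not $_.IsInherited })
        Finding         = $finding
    }
}
```

A `REVIEW` finding after the update is installed means a customization or earlier manual change has re-granted Write on the folder and is worth tracing before it is removed.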

