Severity
High
Analysis Summary
CVE-2025-26682 CVSS:7.5
Microsoft ASP.NET Core and Visual Studio are vulnerable to a denial of service, caused by alocation of resources without limits or throttling in ASP.NET Core.
CVE-2025-29816 CVSS:7.5
Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.
Impact
- Denial of Service
- Security Bypass
Indicators of Compromise
CVE
CVE-2025-26682
CVE-2025-29816
Affected Vendors
- Microsoft
Affected Products
- Microsoft 365 Apps for Enterprise - 16.0.1
- Microsoft Office 2019 - 19.0.0
- Microsoft Office LTSC 2021 - 16.0.1
- Microsoft Visual Studio 2022 version 17.10 - 17.10
- Microsoft Visual Studio 2022 version 17.8 - 17.8.0
- Microsoft Microsoft Office LTSC 2024 - 1.0.0
- Microsoft Visual Studio 2022 version 17.12 - 17.0
- Microsoft ASP.NET Core 8.0 - 1.0.0
- Microsoft ASP.NET Core 9.0 - 1.0.0
- Microsoft Microsoft Visual Studio 2022 version 17.13 - 17.10
- Microsoft Office LTSC for Mac 2021 - N/A
- Microsoft Office LTSC for Mac 2024 - N/A
- Microsoft Office 2016 - 16.0.0
- Microsoft Word 2016 - 16.0.1
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.