
Multiple Microsoft Office Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-32705 CVSS:7.8

Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.

CVE-2025-29977 CVSS:7.8

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-30381 CVSS:7.8

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-29978 CVSS:7.8

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

CVE-2025-29979 CVSS:7.8

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-30375 CVSS:7.8

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-30376 CVSS:7.8

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-30377 CVSS:8.4

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-30379 CVSS:7.8

Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-32704 CVSS:8.4

Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-30383 CVSS:7.8

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-30393 CVSS:7.8

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-30386 CVSS:8.4

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Impact

  • Code Execution

Indicators of Compromise

CVE

  • CVE-2025-32705
  • CVE-2025-29977
  • CVE-2025-30381
  • CVE-2025-29978
  • CVE-2025-29979
  • CVE-2025-30375
  • CVE-2025-30376
  • CVE-2025-30377
  • CVE-2025-30379
  • CVE-2025-32704
  • CVE-2025-30383
  • CVE-2025-30393
  • CVE-2025-30386

Affected Vendors

  • Microsoft

Affected Products

  • Microsoft 365 Apps for Enterprise - 16.0.1
  • Microsoft Office 2019 - 19.0.0
  • Microsoft Office LTSC 2021 - 16.0.1
  • Microsoft Office LTSC for Mac 2021 - 16.0.1
  • Microsoft Office LTSC 2024 - 1.0.0
  • Microsoft Office LTSC for Mac 2024 - 1.0.0
  • Microsoft Excel 2016 - 16.0.0.0
  • Microsoft Office Online Server - 1.0.0
  • Microsoft Office 2016 - 16.0.0
  • Microsoft Office for Android - 16.0.1

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or use the Microsoft Security Update Guide to search for available patches for each CVE:

  • CVE-2025-32705
  • CVE-2025-29977
  • CVE-2025-30381
  • CVE-2025-29978
  • CVE-2025-29979
  • CVE-2025-30375
  • CVE-2025-30376
  • CVE-2025-30377
  • CVE-2025-30379
  • CVE-2025-32704
  • CVE-2025-30383
  • CVE-2025-30393
  • CVE-2025-30386