Severity
High
Analysis Summary
CVE-2025-49695 CVSS:8.4
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49696 CVSS:8.4
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49697 CVSS:8.4
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49702 CVSS:7.8
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49704 CVSS:8.8
Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-48812 CVSS:5.5
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-49711 CVSS:7.8
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-47994 CVSS:7.8
Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.
Impact
- Code Execution
- Information Disclosure
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2025-49695
- CVE-2025-49696
- CVE-2025-49697
- CVE-2025-49702
- CVE-2025-49704
- CVE-2025-48812
- CVE-2025-49711
- CVE-2025-47994
Affected Vendors
- Microsoft
Affected Products
- Microsoft SharePoint Enterprise Server 2016
- Microsoft SharePoint Server 2019
- Microsoft Office Online Server
- Microsoft Office LTSC for Mac 2021
- Microsoft Office for Android
- Microsoft 365 Apps for Enterprise for 32-bit Systems
- Microsoft 365 Apps for Enterprise for 64-bit Systems
- Microsoft Office 2016 (32-bit edition)
- Microsoft Office 2016 (64-bit edition)
- Microsoft Office 2019 for 32-bit editions
- Microsoft Office 2019 for 64-bit editions
- Microsoft Office LTSC 2021 for 32-bit editions
- Microsoft Office LTSC 2021 for 64-bit editions
- Microsoft Office LTSC 2024 for 64-bit editions
- Microsoft Office LTSC 2024 for 32-bit editions
- Microsoft Office LTSC for Mac 2024
- Microsoft Excel 2016 (64-bit edition)
- Microsoft Excel 2016 (32-bit edition)
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.