Severity
High
Analysis Summary
CVE-2025-62554 CVSS:8.4
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-62557 CVSS:8.4
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-62562 CVSS:7.8
Use after free in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.
CVE-2025-62552 CVSS:7.8
Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute code locally.
Impact
- Code Execution
Indicators of Compromise
CVE
CVE-2025-62554
CVE-2025-62557
CVE-2025-62562
CVE-2025-62552
Affected Vendors
- Microsoft
Affected Products
- Microsoft Office LTSC for Mac 2021
- Microsoft Office for Android
- Microsoft 365 Apps for Enterprise for 32-bit Systems
- Microsoft 365 Apps for Enterprise for 64-bit Systems
- Microsoft Office 2019 for 32-bit editions
- Microsoft Office 2019 for 64-bit editions
- Microsoft Office LTSC 2021 for 32-bit editions
- Microsoft Office LTSC 2021 for 64-bit editions
- Microsoft Access 2016 (64-bit edition)
- Microsoft Access 2016 (32-bit edition)
- Microsoft Office LTSC 2024 for 64-bit editions
- Microsoft Office LTSC 2024 for 32-bit editions
- Microsoft Office LTSC for Mac 2024
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.