August 28, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
ICS: Multiple Siemens Scalance Vulnerabilities
May 14, 2025
Multiple Fortinet Products Vulnerabilities
May 14, 2025
ICS: Multiple Siemens Scalance Vulnerabilities
May 14, 2025
Multiple Fortinet Products Vulnerabilities
May 14, 2025
Severity
High
Analysis Summary
CVE-2025-32705 CVSS:7.8
Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.
CVE-2025-29977 CVSS:7.8
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-30381 CVSS:7.8
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-29978 CVSS:7.8
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2025-29979 CVSS:7.8
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-30375 CVSS:7.8
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-30376 CVSS:7.8
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-30377 CVSS:8.4
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-30379 CVSS:7.8
Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-32704 CVSS:8.4
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-30383 CVSS:7.8
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-30393 CVSS:7.8
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-30386 CVSS:8.4
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Impact
- Code Execution
Indicators of Compromise
CVE
- CVE-2025-32705
- CVE-2025-29977
- CVE-2025-30381
- CVE-2025-29978
- CVE-2025-29979
- CVE-2025-30375
- CVE-2025-30376
- CVE-2025-30377
- CVE-2025-30379
- CVE-2025-32704
- CVE-2025-30383
- CVE-2025-30393
- CVE-2025-30386
Affected Vendors
- Microsoft
Affected Products
- Microsoft 365 Apps for Enterprise - 16.0.1
- Microsoft Office 2019 - 19.0.0
- Microsoft Office LTSC 2021 - 16.0.1
- Microsoft Office LTSC for Mac 2021 - 16.0.1
- Microsoft Microsoft Office LTSC 2024 - 1.0.0
- Microsoft Office LTSC for Mac 2024 - 1.0.0
- Microsoft Excel 2016 - 16.0.0.0
- Microsoft Office Online Server - 1.0.0
- Microsoft Office 2016 - 16.0.0
- Microsoft Office for Android - 16.0.1
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches