Severity
High
Analysis Summary
CVE-2025-49699 CVSS:7
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49705 CVSS:7.8
Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2025-49701 CVSS:8.8
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-49706 CVSS:6.3
Improper authentication in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2025-49756 CVSS:3.3
Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally.
CVE-2025-49698 CVSS:7.8
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-49700 CVSS:7.8
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-49703 CVSS:7.8
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Impact
- Gain Access
- Code Execution
- Security Bypass
Indicators of Compromise
CVE
- CVE-2025-49699
- CVE-2025-49705
- CVE-2025-49701
- CVE-2025-49706
- CVE-2025-49756
- CVE-2025-49698
- CVE-2025-49700
- CVE-2025-49703
Affected Vendors
- Microsoft
Affected Products
- Microsoft SharePoint Enterprise Server 2016
- Microsoft SharePoint Server 2019
- Microsoft SharePoint Server Subscription Edition
- Microsoft Office LTSC for Mac 2021
- Microsoft 365 Apps for Enterprise for 32-bit Systems
- Microsoft 365 Apps for Enterprise for 64-bit Systems
- Microsoft Office 2019 for 32-bit editions
- Microsoft Office 2019 for 64-bit editions
- Microsoft Office LTSC 2021 for 32-bit editions
- Microsoft Office LTSC 2021 for 64-bit editions
- Microsoft Outlook 2016 (32-bit edition)
- Microsoft Outlook 2016 (64-bit edition)
- Microsoft Office LTSC 2024 for 64-bit editions
- Microsoft Office LTSC 2024 for 32-bit editions
- Microsoft Office LTSC for Mac 2024
- Microsoft Word 2016 (64-bit edition)
- Microsoft Word 2016 (32-bit edition)
- Microsoft PowerPoint 2016 (64-bit edition)
- Microsoft PowerPoint 2016 (32-bit edition)
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.