
Multiple Microsoft Office Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-49699 CVSS:7

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-49705 CVSS:7.8

Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

CVE-2025-49701 CVSS:8.8

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2025-49706 CVSS:6.3

Improper authentication in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2025-49756 CVSS:3.3

Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally.

CVE-2025-49698 CVSS:7.8

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2025-49700 CVSS:7.8

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2025-49703 CVSS:7.8

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Impact

  • Gain Access
  • Code Execution
  • Security Bypass

Indicators of Compromise

CVE

  • CVE-2025-49699
  • CVE-2025-49705
  • CVE-2025-49701
  • CVE-2025-49706
  • CVE-2025-49756
  • CVE-2025-49698
  • CVE-2025-49700
  • CVE-2025-49703

Affected Vendors

  • Microsoft

Affected Products

  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Server 2019
  • Microsoft SharePoint Server Subscription Edition
  • Microsoft Office LTSC for Mac 2021
  • Microsoft 365 Apps for Enterprise for 32-bit Systems
  • Microsoft 365 Apps for Enterprise for 64-bit Systems
  • Microsoft Office 2019 for 32-bit editions
  • Microsoft Office 2019 for 64-bit editions
  • Microsoft Office LTSC 2021 for 32-bit editions
  • Microsoft Office LTSC 2021 for 64-bit editions
  • Microsoft Outlook 2016 (32-bit edition)
  • Microsoft Outlook 2016 (64-bit edition)
  • Microsoft Office LTSC 2024 for 64-bit editions
  • Microsoft Office LTSC 2024 for 32-bit editions
  • Microsoft Office LTSC for Mac 2024
  • Microsoft Word 2016 (64-bit edition)
  • Microsoft Word 2016 (32-bit edition)
  • Microsoft PowerPoint 2016 (64-bit edition)
  • Microsoft PowerPoint 2016 (32-bit edition)

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2025-49699

CVE-2025-49705

CVE-2025-49701

CVE-2025-49706

CVE-2025-49756

CVE-2025-49698

CVE-2025-49700

CVE-2025-49703