Request a Demo
Rewterz
Multiple Cisco Splunk Products Vulnerabilities
July 10, 2025
Rewterz
Veeam Patches Critical RCE Flaw in Backup and Replication Software
July 10, 2025

Multiple Microsoft Office Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-49695 CVSS:8.4

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-49696 CVSS:8.4

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-49697 CVSS:8.4

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-49702 CVSS:7.8

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-49704 CVSS:8.8

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2025-48812 CVSS:5.5

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2025-49711 CVSS:7.8

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-47994 CVSS:7.8

Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.

Impact

  • Code Execution
  • Information Disclosure
  • Privilege Escalation

Indicators of Compromise

CVE

  • CVE-2025-49695
  • CVE-2025-49696
  • CVE-2025-49697
  • CVE-2025-49702
  • CVE-2025-49704
  • CVE-2025-48812
  • CVE-2025-49711
  • CVE-2025-47994

Affected Vendors

  • Microsoft

Affected Products

  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Server 2019
  • Microsoft Office Online Server
  • Microsoft Office LTSC for Mac 2021
  • Microsoft Office for Android
  • Microsoft 365 Apps for Enterprise for 32-bit Systems
  • Microsoft 365 Apps for Enterprise for 64-bit Systems
  • Microsoft Office 2016 (32-bit edition)
  • Microsoft Office 2016 (64-bit edition)
  • Microsoft Office 2019 for 32-bit editions
  • Microsoft Office 2019 for 64-bit editions
  • Microsoft Office LTSC 2021 for 32-bit editions
  • Microsoft Office LTSC 2021 for 64-bit editions
  • Microsoft Office LTSC 2024 for 64-bit editions
  • Microsoft Office LTSC 2024 for 32-bit editions
  • Microsoft Office LTSC for Mac 2024
  • Microsoft Excel 2016 (64-bit edition)
  • Microsoft Excel 2016 (32-bit edition)

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2025-49695

CVE-2025-49696

CVE-2025-49697

CVE-2025-49702

CVE-2025-49704

CVE-2025-48812

CVE-2025-49711

CVE-2025-47994