Severity
High
Analysis Summary
CVE-2025-47959 CVSS:7.1
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.
CVE-2025-30399 CVSS:7.5
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
CVE-2025-32717 CVSS:8.4
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-32711 CVSS:9.3
Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2025-47977 CVSS:7.6
Improper neutralization of input during web page generation ('cross-site scripting') in Nuance Digital Engagement Platform allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-47969 CVSS:4.4
Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally.
Impact
- Code Execution
- Information Disclosure
- Gain Access
Indicators of Compromise
CVE
CVE-2025-47959
CVE-2025-30399
CVE-2025-32717
CVE-2025-32711
CVE-2025-47977
CVE-2025-47969
Affected Vendors
- Microsoft
Affected Products
- Microsoft 365 Apps for Enterprise x32
- Microsoft Visual Studio Code
- Microsoft .NET 8.0
- Microsoft Windows Server 2025 - 10.0.26100.0 - 10.0.26100.4061
- Microsoft .net 9.0
- Microsoft visual studio 2022 version 17.12
- Microsoft visual studio 2022 - 17.8
- Microsoft visual studio 2022 - 17.10
- Microsoft 365 Capilot
- Microsoft nuance digital engagement platform
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.