CVE-2025-26629Use After Free in Microsoft 365 Apps FOR Enterprise

CWE-416Use After Free5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.5%
top 35.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft 365 Apps FOR EnterpriseMicrosoft Office Ltsc 2024Microsoft Office Long Term Servicing Channel
Timeline
PublishedMar 11

Description

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5microsoft/microsoft_office_ltsc_202416.0.0https://aka.ms/OfficeSecurityReleases
CVEListV5microsoft/microsoft_365_apps_for_enterprise16.0.1https://aka.ms/OfficeSecurityReleases

🔴Vulnerability Details

2
GHSA
GHSA-wvf7-94g7-p6gg: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally2025-03-11
CVEList
Microsoft Office Remote Code Execution Vulnerability2025-03-11

📋Vendor Advisories

1
Microsoft
Microsoft Office Remote Code Execution Vulnerability2025-03-11

🕵️Threat Intelligence

1
Bleepingcomputer
Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws2025-03-11
CVE-2025-26629 — Use After Free in Microsoft | cvebase