CVE-2025-29978Use After Free in Microsoft 365 Apps FOR Enterprise

CWE-416Use After Free4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.8%
top 26.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft 365 Apps FOR EnterpriseMicrosoft Office Ltsc 2024Microsoft Office Long Term Servicing Channel
Timeline
PublishedMay 13

Description

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5microsoft/microsoft_office_ltsc_202416.0.0https://aka.ms/OfficeSecurityReleases
CVEListV5microsoft/microsoft_365_apps_for_enterprise16.0.1https://aka.ms/OfficeSecurityReleases

🔴Vulnerability Details

2
CVEList
Microsoft PowerPoint Remote Code Execution Vulnerability2025-05-13
GHSA
GHSA-pw39-c9gh-q6gr: Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally2025-05-13

📋Vendor Advisories

1
Microsoft
Microsoft PowerPoint Remote Code Execution Vulnerability2025-05-13
CVE-2025-29978 — Use After Free in Microsoft | cvebase