~/cve/CVE-2025-47994

pipeline liveDigest Docs

CVE-2025-47994

published 2025-07-08

CVE-2025-47994: Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.

high8.6CVSS 3.1

AVLACLPRNUIRSCCHIHAH

Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.

Affected

19 ranges

Vendor	Product	Version range	Fixed in
microsoft	microsoft_365_apps_for_enterprise	>= 16.0.1 < https://aka.ms/OfficeSecurityReleases	https://aka.ms/OfficeSecurityReleases
microsoft	microsoft_office_2016	>= 16.0.0 < 16.0.5508.1001	16.0.5508.1001
microsoft	microsoft_office_2019	>= 19.0.0 < https://aka.ms/OfficeSecurityReleases	https://aka.ms/OfficeSecurityReleases
microsoft	microsoft_office_ltsc_2021	>= 16.0.1 < https://aka.ms/OfficeSecurityReleases	https://aka.ms/OfficeSecurityReleases
microsoft	microsoft_office_ltsc_2024	>= 16.0.0 < https://aka.ms/OfficeSecurityReleases	https://aka.ms/OfficeSecurityReleases
microsoft	office	—	—
microsoft	office	—	—
microsoft	office_long_term_servicing_channel	—	—
microsoft	office_long_term_servicing_channel	—	—
microsoft	sharepoint_enterprise_server	—	—
msrc	microsoft_365_apps_for_enterprise_for_32-bit_systems	—	—
msrc	microsoft_365_apps_for_enterprise_for_64-bit_systems	—	—
msrc	microsoft_office_2016	—	—
msrc	microsoft_office_2019_for_32-bit_editions	—	—
msrc	microsoft_office_2019_for_64-bit_editions	—	—
msrc	microsoft_office_ltsc_2021_for_32-bit_editions	—	—
msrc	microsoft_office_ltsc_2021_for_64-bit_editions	—	—
msrc	microsoft_office_ltsc_2024_for_32-bit_editions	—	—
msrc	microsoft_office_ltsc_2024_for_64-bit_editions	—	—