cbcvebase.
CVE-2025-49697
published 2025-07-08

CVE-2025-49697: Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

high8.4CVSS 3.1
AVLACLPRNUINSUCHIHAH
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Affected

27 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftmicrosoft_365_apps_for_enterprise>= 16.0.1 < https://aka.ms/OfficeSecurityReleaseshttps://aka.ms/OfficeSecurityReleases
microsoftmicrosoft_office_2016>= 16.0.0 < 16.0.5508.100116.0.5508.1001
microsoftmicrosoft_office_2019>= 19.0.0 < https://aka.ms/OfficeSecurityReleaseshttps://aka.ms/OfficeSecurityReleases
microsoftmicrosoft_office_for_android>= 16.0.1 < 16.0.19029.2000016.0.19029.20000
microsoftmicrosoft_office_ltsc_2021>= 16.0.1 < https://aka.ms/OfficeSecurityReleaseshttps://aka.ms/OfficeSecurityReleases
microsoftmicrosoft_office_ltsc_2024>= 16.0.0 < https://aka.ms/OfficeSecurityReleaseshttps://aka.ms/OfficeSecurityReleases
microsoftmicrosoft_office_ltsc_for_mac_2021>= 16.0.1 < 16.99.2507132116.99.25071321
microsoftmicrosoft_office_ltsc_for_mac_2024>= 16.0.0 < 16.99.2507132116.99.25071321
microsoftoffice
microsoftoffice
microsoftoffice_long_term_servicing_channel
microsoftoffice_long_term_servicing_channel
microsoftoffice_online_server< 16.0.10417.2002716.0.10417.20027
microsoftoffice_online_server>= 16.0.0.0 < 16.0.10417.2002716.0.10417.20027
msrcmicrosoft_365_apps_for_enterprise_for_32-bit_systems
msrcmicrosoft_365_apps_for_enterprise_for_64-bit_systems
msrcmicrosoft_office_2016
msrcmicrosoft_office_2019_for_32-bit_editions
msrcmicrosoft_office_2019_for_64-bit_editions
msrcmicrosoft_office_for_android
msrcmicrosoft_office_ltsc_2021_for_32-bit_editions
msrcmicrosoft_office_ltsc_2021_for_64-bit_editions
msrcmicrosoft_office_ltsc_2024_for_32-bit_editions
msrcmicrosoft_office_ltsc_2024_for_64-bit_editions
msrcmicrosoft_office_ltsc_for_mac_2021