CVE-2025-49699: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

high7CVSS 3.1

AVLACHPRNUIRSUCHIHAH

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Affected

31 ranges· showing 25

Vendor	Product	Version range	Fixed in
microsoft	microsoft_365_apps_for_enterprise	>= 16.0.1 < https://aka.ms/OfficeSecurityReleases	https://aka.ms/OfficeSecurityReleases
microsoft	microsoft_office_2019	>= 19.0.0 < https://aka.ms/OfficeSecurityReleases	https://aka.ms/OfficeSecurityReleases
microsoft	microsoft_office_ltsc_2021	>= 16.0.1 < https://aka.ms/OfficeSecurityReleases	https://aka.ms/OfficeSecurityReleases
microsoft	microsoft_office_ltsc_2024	>= 16.0.0 < https://aka.ms/OfficeSecurityReleases	https://aka.ms/OfficeSecurityReleases
microsoft	microsoft_office_ltsc_for_mac_2021	>= 16.0.1 < 16.99.25071321	16.99.25071321
microsoft	microsoft_office_ltsc_for_mac_2024	>= 16.0.0 < 16.99.25071321	16.99.25071321
microsoft	microsoft_outlook_2016	>= 16.0.0.0 < 16.0.5508.1002	16.0.5508.1002
microsoft	microsoft_powerpoint_2016	>= 16.0.0 < 16.0.5508.1000	16.0.5508.1000
microsoft	microsoft_word_2016	>= 16.0.1 < 16.0.5508.1000	16.0.5508.1000
microsoft	office	—	—
microsoft	office_long_term_servicing_channel	—	—
microsoft	office_long_term_servicing_channel	—	—
microsoft	outlook	—	—
microsoft	powerpoint	—	—
microsoft	word	—	—
msrc	cbl2_kernel_5.15.186.1-1_on_cbl_mariner_2.0	—	—
msrc	cbl2_kernel_5.15.200.1-1_on_cbl_mariner_2.0	—	—
msrc	cbl2_kernel_5.15.202.1-1_on_cbl_mariner_2.0	—	—
msrc	microsoft_365_apps_for_enterprise_for_32-bit_systems	—	—
msrc	microsoft_365_apps_for_enterprise_for_64-bit_systems	—	—
msrc	microsoft_office_2019_for_32-bit_editions	—	—
msrc	microsoft_office_2019_for_64-bit_editions	—	—
msrc	microsoft_office_ltsc_2021_for_32-bit_editions	—	—
msrc	microsoft_office_ltsc_2021_for_64-bit_editions	—	—
msrc	microsoft_office_ltsc_2024_for_32-bit_editions	—	—