CVE-2025-49756Use of a Broken or Risky Cryptographic Algorithm in Microsoft 365 Apps FOR Enterprise

CWE-327Use of a Broken or Risky Cryptographic Algorithm4 documents4 sources
Severity
3.3LOWNVD
EPSS
0.1%
top 79.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft 365 Apps FOR Enterprise
Timeline
PublishedJul 8

Description

Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:NExploitability: 0.8 | Impact: 2.5

Affected Packages1 packages

CVEListV5microsoft/microsoft_365_apps_for_enterprise16.0.1https://aka.ms/OfficeSecurityReleases

🔴Vulnerability Details

2
GHSA
GHSA-gfj7-mwjw-jmhf: Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally2025-07-08
CVEList
Office Developer Platform Security Feature Bypass Vulnerability2025-07-08

📋Vendor Advisories

1
Microsoft
Office Developer Platform Security Feature Bypass Vulnerability2025-07-08
CVE-2025-49756 — Microsoft vulnerability | cvebase