Remote Code Execution Vulnerability in Microsoft Office Products
CVE-2025-26629

7.8HIGH

Key Information:

Vendor
Microsoft
Vendor
CVE Published:
11 March 2025

Summary

A use-after-free vulnerability has been identified in Microsoft Office, which may allow unauthorized attackers to execute arbitrary code on affected systems. This flaw arises from improper handling of memory in the application, potentially leading to security breaches. Users are encouraged to apply the latest updates provided by Microsoft to mitigate the risks associated with this vulnerability.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office LTSC 2024 32-bit Systems 1.0.0

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.