Security Feature Bypass in Microsoft Office OneNote
CVE-2025-29822

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Office 2019; Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc 2021; Microsoft Onenote
Vendor: CVE Published:; 8 April 2025

Summary

A vulnerability in Microsoft Office OneNote allows attackers to bypass security features due to an incomplete list of disallowed inputs. This flaw could enable unauthorized manipulation and potential exploitation of the application, raising serious concerns about data integrity and user security. It is crucial for organizations using OneNote to review their security practices and apply necessary updates to mitigate the risk.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office 2019 32-bit Systems 19.0.0

Microsoft Office LTSC 2021 x64-based Systems 16.0.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Mar 11, 2025