Heap-Based Buffer Overflow Vulnerability in Microsoft Office Software
CVE-2025-54910
Key Information:
- Vendor: Microsoft
- CVE Published: 9 September 2025
What is CVE-2025-54910?
CVE-2025-54910 is a heap-based buffer overflow vulnerability found in Microsoft Office software. This flaw allows an unauthorized attacker to execute arbitrary code locally, potentially compromising the integrity and security of user systems and sensitive data. Microsoft Office is widely used for creating, editing, and sharing documents, spreadsheets, and presentations in various organizational settings. Consequently, this vulnerability poses a significant threat to businesses, as exploitation may lead to unauthorized access to corporate resources, data loss, and the installation of malicious software. The issue arises from improper handling of memory within the software, which lets attackers overwrite data in adjacent memory locations; the overflow can be triggered through crafted documents or files.
Potential Impact of CVE-2025-54910
- Unauthorized Code Execution: The vulnerability allows attackers to execute arbitrary code on the affected system, which could lead to unauthorized access and manipulation of sensitive files and applications.
- Data Breach Risks: Successful exploitation could result in data breaches, exposing sensitive organizational and personal information, which can lead to compliance violations and reputational damage.
- Enhanced Malware Propagation: Exploitation of this vulnerability may facilitate the installation of malware, including ransomware, which can further compromise systems, disrupt operations, and incur significant remediation costs.
Affected Version(s)
Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1
Microsoft Office 2016 32-bit Systems 16.0.0 < 16.0.5517.1000
Microsoft Office 2019 32-bit Systems 19.0.0