Heap-based Buffer Overflow in Microsoft Graphics Component
CVE-2025-60724

9.8CRITICAL

Key Information:

Vendor: Microsoft
Status: Microsoft Office Ltsc For Mac 2021; Microsoft Office For Android; Microsoft Office Ltsc For Mac 2024; Windows 10 Version 1809
Vendor: CVE Published:; 11 November 2025

Badges

💰 Ransomware👾 Exploit Exists📰 News Worthy

What is CVE-2025-60724?

A vulnerability within the Microsoft Graphics Component has been identified, characterized by a heap-based buffer overflow. This flaw allows unauthorized attackers to execute arbitrary code over a network, potentially compromising significant data integrity and confidentiality. Affected users are urged to apply the latest patches to mitigate this risk and enhance their system's overall security.

Affected Version(s)

Microsoft Office for Android Unknown 16.0.1 < 16.0.19426.20044

Microsoft Office LTSC for Mac 2021 Unknown 16.0.1 < 16.103.25110922

Microsoft Office LTSC for Mac 2024 Unknown 16.0.0 < 16.103.25110922

News Articles

Malwarebytes

CVE-2025-60724

Update now: November Patch Tuesday fixes Windows zero-day exploited in the wild

This month’s Windows update closes several major security holes, including one that’s already being used by attackers. Make sure your PC is up to date.

3 weeks ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

💰
Used in Ransomware
Nov 12, 2025
👾
Exploit known to exist
Nov 12, 2025
📰
First article discovered by Malwarebytes
Nov 12, 2025
Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Sep 26, 2025

JSON