Heap-based Buffer Overflow in Microsoft Graphics Component
CVE-2025-60724

9.8CRITICAL

Key Information:

Vendor: Microsoft
Status: Microsoft Office Ltsc For Mac 2021; Microsoft Office For Android; Microsoft Office Ltsc For Mac 2024; Windows 10 Version 1809
Vendor: CVE Published:; 11 November 2025

What is CVE-2025-60724?

A vulnerability within the Microsoft Graphics Component has been identified, characterized by a heap-based buffer overflow. This flaw allows unauthorized attackers to execute arbitrary code over a network, potentially compromising significant data integrity and confidentiality. Affected users are urged to apply the latest patches to mitigate this risk and enhance their system's overall security.

Affected Version(s)

Microsoft Office for Android Unknown 16.0.1 < 16.0.19426.20044

Microsoft Office LTSC for Mac 2021 Unknown 16.0.1 < 16.103.25110922

Microsoft Office LTSC for Mac 2024 Unknown 16.0.0 < 16.103.25110922

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Sep 26, 2025

JSON