Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-49756 (GCVE-0-2025-49756)
Vulnerability from cvelistv5 – Published: 2025-07-08 16:57 – Updated: 2025-08-23 00:39
VLAI?
EPSS
Summary
Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally.
Severity ?
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft 365 Apps for Enterprise |
Affected:
16.0.1 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49756",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T13:55:35.895163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T13:55:41.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft 365 Apps for Enterprise",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-07-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-23T00:39:47.308Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Office Developer Platform Security Feature Bypass Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49756"
}
],
"title": "Office Developer Platform Security Feature Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-49756",
"datePublished": "2025-07-08T16:57:27.411Z",
"dateReserved": "2025-06-09T22:49:37.620Z",
"dateUpdated": "2025-08-23T00:39:47.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-49756\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2025-07-08T17:16:04.020\",\"lastModified\":\"2025-07-10T13:18:53.830\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally.\"},{\"lang\":\"es\",\"value\":\"El uso de un algoritmo criptogr\u00e1fico roto o riesgoso en Office Developer Platform permite a un atacante autorizado eludir una funci\u00f3n de seguridad localmente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.8,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-327\"}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49756\",\"source\":\"secure@microsoft.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-49756\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-09T13:55:35.895163Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-09T13:55:38.838Z\"}}], \"cna\": {\"title\": \"Office Developer Platform Security Feature Bypass Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 3.3, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Microsoft 365 Apps for Enterprise\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.1\", \"lessThan\": \"https://aka.ms/OfficeSecurityReleases\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}], \"datePublic\": \"2025-07-08T07:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49756\", \"name\": \"Office Developer Platform Security Feature Bypass Vulnerability\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-327\", \"description\": \"CWE-327: Use of a Broken or Risky Cryptographic Algorithm\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"https://aka.ms/OfficeSecurityReleases\", \"versionStartIncluding\": \"16.0.1\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2025-08-18T17:50:51.771Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-49756\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-18T17:50:51.771Z\", \"dateReserved\": \"2025-06-09T22:49:37.620Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2025-07-08T16:57:27.411Z\", \"assignerShortName\": \"microsoft\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
FKIE_CVE-2025-49756
Vulnerability from fkie_nvd - Published: 2025-07-08 17:16 - Updated: 2025-07-10 13:18
Severity ?
Summary
Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally."
},
{
"lang": "es",
"value": "El uso de un algoritmo criptogr\u00e1fico roto o riesgoso en Office Developer Platform permite a un atacante autorizado eludir una funci\u00f3n de seguridad localmente."
}
],
"id": "CVE-2025-49756",
"lastModified": "2025-07-10T13:18:53.830",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 2.5,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-07-08T17:16:04.020",
"references": [
{
"source": "secure@microsoft.com",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49756"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Undergoing Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
GHSA-GFJ7-MWJW-JMHF
Vulnerability from github – Published: 2025-07-08 18:31 – Updated: 2025-07-08 18:31
VLAI?
Details
Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally.
Severity ?
{
"affected": [],
"aliases": [
"CVE-2025-49756"
],
"database_specific": {
"cwe_ids": [
"CWE-327"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T17:16:04Z",
"severity": "LOW"
},
"details": "Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally.",
"id": "GHSA-gfj7-mwjw-jmhf",
"modified": "2025-07-08T18:31:51Z",
"published": "2025-07-08T18:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49756"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49756"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
CERTFR-2025-AVI-0576
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Office. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Outlook 2016 (édition 32 bits) versions antérieures à 16.0.5508.1002 | ||
| Microsoft | N/A | Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5508.1001 | ||
| Microsoft | N/A | Microsoft Office LTSC pour Mac 2024 | ||
| Microsoft | N/A | Microsoft Word 2016 (édition 32 bits) versions antérieures à 16.0.5508.1001 | ||
| Microsoft | N/A | Microsoft Office LTSC 2024 pour éditions 64 bits | ||
| Microsoft | N/A | Microsoft Office LTSC pour Mac 2021 | ||
| Microsoft | N/A | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | N/A | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | N/A | Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5508.1001 | ||
| Microsoft | N/A | Microsoft Word 2016 (édition 32 bits) versions antérieures à 16.0.5508.1000 | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | N/A | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | N/A | Microsoft Office LTSC 2024 pour éditions 32 bits | ||
| Microsoft | N/A | Microsoft Word 2016 (édition 64 bits) versions antérieures à 16.0.5508.1001 | ||
| Microsoft | N/A | Microsoft Outlook 2016 (édition 64 bits) versions antérieures à 16.0.5508.1002 | ||
| Microsoft | N/A | Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5508.1001 | ||
| Microsoft | N/A | Microsoft PowerPoint 2016 (édition 32 bits) versions antérieures à 16.0.5508.1000 | ||
| Microsoft | N/A | Microsoft Word 2016 (édition 64 bits) versions antérieures à 16.0.5508.1000 | ||
| Microsoft | N/A | Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5508.1001 | ||
| Microsoft | N/A | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | N/A | Microsoft PowerPoint 2016 (édition 64 bits) versions antérieures à 16.0.5508.1000 | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 64 bits | ||
| Microsoft | N/A | Microsoft Office pour Android versions antérieures à 16.0.19029.20000 | ||
| Microsoft | N/A | Office Online Server versions antérieures à 16.0.10417.20027 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Outlook 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5508.1002",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5508.1001",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2024",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5508.1001",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 64 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2021",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5508.1001",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5508.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5508.1001",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5508.1002",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5508.1001",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5508.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5508.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5508.1001",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5508.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office pour Android versions ant\u00e9rieures \u00e0 16.0.19029.20000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Office Online Server versions ant\u00e9rieures \u00e0 16.0.10417.20027",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-47994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47994"
},
{
"name": "CVE-2025-49696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49696"
},
{
"name": "CVE-2025-49702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49702"
},
{
"name": "CVE-2025-49705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49705"
},
{
"name": "CVE-2025-49700",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49700"
},
{
"name": "CVE-2025-49711",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49711"
},
{
"name": "CVE-2025-49698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49698"
},
{
"name": "CVE-2025-49697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49697"
},
{
"name": "CVE-2025-49695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49695"
},
{
"name": "CVE-2025-49703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49703"
},
{
"name": "CVE-2025-49756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49756"
},
{
"name": "CVE-2025-49699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49699"
},
{
"name": "CVE-2025-48812",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48812"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0576",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Office. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-49705",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49705"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-49711",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49711"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-48812",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48812"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-49702",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49702"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-49695",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49695"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-49697",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49697"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-49699",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49699"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-49696",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49696"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-49700",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49700"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47994",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47994"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-49756",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49756"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-49698",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49698"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-49703",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49703"
}
]
}
CERTFR-2025-AVI-0576
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Office. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Outlook 2016 (édition 32 bits) versions antérieures à 16.0.5508.1002 | ||
| Microsoft | N/A | Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5508.1001 | ||
| Microsoft | N/A | Microsoft Office LTSC pour Mac 2024 | ||
| Microsoft | N/A | Microsoft Word 2016 (édition 32 bits) versions antérieures à 16.0.5508.1001 | ||
| Microsoft | N/A | Microsoft Office LTSC 2024 pour éditions 64 bits | ||
| Microsoft | N/A | Microsoft Office LTSC pour Mac 2021 | ||
| Microsoft | N/A | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | N/A | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | N/A | Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5508.1001 | ||
| Microsoft | N/A | Microsoft Word 2016 (édition 32 bits) versions antérieures à 16.0.5508.1000 | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | N/A | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | N/A | Microsoft Office LTSC 2024 pour éditions 32 bits | ||
| Microsoft | N/A | Microsoft Word 2016 (édition 64 bits) versions antérieures à 16.0.5508.1001 | ||
| Microsoft | N/A | Microsoft Outlook 2016 (édition 64 bits) versions antérieures à 16.0.5508.1002 | ||
| Microsoft | N/A | Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5508.1001 | ||
| Microsoft | N/A | Microsoft PowerPoint 2016 (édition 32 bits) versions antérieures à 16.0.5508.1000 | ||
| Microsoft | N/A | Microsoft Word 2016 (édition 64 bits) versions antérieures à 16.0.5508.1000 | ||
| Microsoft | N/A | Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5508.1001 | ||
| Microsoft | N/A | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | N/A | Microsoft PowerPoint 2016 (édition 64 bits) versions antérieures à 16.0.5508.1000 | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 64 bits | ||
| Microsoft | N/A | Microsoft Office pour Android versions antérieures à 16.0.19029.20000 | ||
| Microsoft | N/A | Office Online Server versions antérieures à 16.0.10417.20027 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Outlook 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5508.1002",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5508.1001",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2024",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5508.1001",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 64 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2021",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5508.1001",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5508.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5508.1001",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5508.1002",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5508.1001",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5508.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5508.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5508.1001",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5508.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office pour Android versions ant\u00e9rieures \u00e0 16.0.19029.20000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Office Online Server versions ant\u00e9rieures \u00e0 16.0.10417.20027",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-47994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47994"
},
{
"name": "CVE-2025-49696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49696"
},
{
"name": "CVE-2025-49702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49702"
},
{
"name": "CVE-2025-49705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49705"
},
{
"name": "CVE-2025-49700",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49700"
},
{
"name": "CVE-2025-49711",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49711"
},
{
"name": "CVE-2025-49698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49698"
},
{
"name": "CVE-2025-49697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49697"
},
{
"name": "CVE-2025-49695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49695"
},
{
"name": "CVE-2025-49703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49703"
},
{
"name": "CVE-2025-49756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49756"
},
{
"name": "CVE-2025-49699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49699"
},
{
"name": "CVE-2025-48812",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48812"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0576",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Office. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-49705",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49705"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-49711",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49711"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-48812",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48812"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-49702",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49702"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-49695",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49695"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-49697",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49697"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-49699",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49699"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-49696",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49696"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-49700",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49700"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47994",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47994"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-49756",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49756"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-49698",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49698"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-49703",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49703"
}
]
}
MSRC_CVE-2025-49756
Vulnerability from csaf_microsoft - Published: 2025-07-08 07:00 - Updated: 2025-07-08 07:00Summary
Office Developer Platform Security Feature Bypass Vulnerability
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Customer Action
Required. The vulnerability documented by this CVE requires customer action to resolve.
{
"document": {
"acknowledgments": [
{
"names": [
"Anonymous with Microsoft"
]
}
],
"aggregate_severity": {
"namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
},
{
"category": "general",
"text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
"title": "Customer Action"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-49756 Office Developer Platform Security Feature Bypass Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49756"
},
{
"category": "self",
"summary": "CVE-2025-49756 Office Developer Platform Security Feature Bypass Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-49756.json"
},
{
"category": "external",
"summary": "Microsoft Exploitability Index",
"url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Office Developer Platform Security Feature Bypass Vulnerability",
"tracking": {
"current_release_date": "2025-07-08T07:00:00.000Z",
"generator": {
"date": "2025-08-23T00:39:18.797Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-49756",
"initial_release_date": "2025-07-08T07:00:00.000Z",
"revision_history": [
{
"date": "2025-07-08T07:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003chttps://aka.ms/OfficeSecurityReleases",
"product": {
"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems \u003chttps://aka.ms/OfficeSecurityReleases",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "https://aka.ms/OfficeSecurityReleases",
"product": {
"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems https://aka.ms/OfficeSecurityReleases",
"product_id": "11762"
}
}
],
"category": "product_name",
"name": "Microsoft 365 Apps for Enterprise for 32-bit Systems"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003chttps://aka.ms/OfficeSecurityReleases",
"product": {
"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems \u003chttps://aka.ms/OfficeSecurityReleases",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "https://aka.ms/OfficeSecurityReleases",
"product": {
"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems https://aka.ms/OfficeSecurityReleases",
"product_id": "11763"
}
}
],
"category": "product_name",
"name": "Microsoft 365 Apps for Enterprise for 64-bit Systems"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-49756",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "general",
"text": "Microsoft",
"title": "Assigning CNA"
},
{
"category": "faq",
"text": "To successfully exploit this vulnerability, an attacker would need to gain elevated privileges enabling them to perform file operations in directories they would not normally be able to access or perform.",
"title": "According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?"
},
{
"category": "faq",
"text": "The attack itself is carried out locally by a user with authentication to the targeted system. An authenticated attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer.",
"title": "According to the CVSS metric, the attack vector is local (AV:L), privileges are required (PR:L) and user interaction is required (UI:R). How could an attacker exploit this security feature bypass vulnerability?"
},
{
"category": "faq",
"text": "An attacker is only able to compromise files that they were allowed access to as part of their initial privilege but cannot affect the availability of the browser.",
"title": "According to the CVSS metric, Confidentiality and Integrity are rated as Low and Availability is None (C:L, I:L, A:N). What does that mean for this vulnerability?"
},
{
"category": "faq",
"text": "To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.\nAdditionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.",
"title": "How could an attacker exploit this vulnerability?"
},
{
"category": "faq",
"text": "An attacker who successfully exploited this vulnerability could bypass the Office Visual Basic for Applications (VBA) signature scheme.",
"title": "What kind of security feature could be bypassed by successfully exploiting this vulnerability?"
},
{
"category": "faq",
"text": "No, the Preview Pane is not an attack vector.",
"title": "Is the Preview Pane an attack vector for this vulnerability?"
}
],
"product_status": {
"fixed": [
"11762",
"11763"
],
"known_affected": [
"1",
"2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-49756 Office Developer Platform Security Feature Bypass Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49756"
},
{
"category": "self",
"summary": "CVE-2025-49756 Office Developer Platform Security Feature Bypass Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-49756.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-08T07:00:00.000Z",
"details": "https://aka.ms/OfficeSecurityReleases:Security Update:https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates",
"product_ids": [
"2",
"1"
],
"url": "https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"environmentalsScore": 0.0,
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 2.9,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Security Feature Bypass"
},
{
"category": "exploit_status",
"details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely"
}
],
"title": "Office Developer Platform Security Feature Bypass Vulnerability"
}
]
}
WID-SEC-W-2025-1491
Vulnerability from csaf_certbund - Published: 2025-07-08 22:00 - Updated: 2025-07-22 22:00Summary
Microsoft Office: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Excel ist ein Tabellenkalkulationsprogramm der Microsoft Office Suite und ist sowohl für Microsoft Windows als auch für Mac OS verfügbar.
Microsoft PowerPoint ist ein Programm zum Erstellen und Vorführen von Präsentationen. PowerPoint Viewer ist ein Anzeigeprogramm für PowerPoint Dateien.
Microsoft Word ist ein Textverarbeitungsprogramm der Firma Microsoft für die Windows-Betriebssysteme.
Die Microsoft Office Suite beinhaltet zahlreiche Büroanwendungen wie Textverarbeitung, Tabellenkalkulation, Datenbank und weitere Applikationen.
Outlook ist ein Personal Information Manager von Microsoft und ist Bestandteil der Office Suite.
Microsoft Office Online Server ist ein Serverprodukt, das browserbasierte Versionen von Word, PowerPoint, Excel und OneNote bereitstellt.
Microsoft Sharepoint Services ist ein Portalsystem für die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u.a. über Webseiten zur Verfügung gestellt.
Microsoft Sharepoint ist ein Portalsystem für die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u. a. über Webseiten zur Verfügung gestellt.
Microsoft 365 Apps ist eine Office Suite für zahlreiche Büroanwendungen.
Microsoft Teams ist ein Kollaborations-, Kommunikations- und Videokonferenz-Tool.
Angriff
Ein entfernter, authentisierter Angreifer oder ein lokaler Angreifer kann mehrere Schwachstellen in Microsoft Excel 2016, Microsoft PowerPoint 2016, Microsoft Word 2016, Microsoft Office 2016, Microsoft Outlook 2016, Microsoft Office Online Server, Microsoft SharePoint, Microsoft Office 2019, Microsoft SharePoint Server 2019, Microsoft 365 Apps, Microsoft Teams und Microsoft Office ausnutzen, um Administratorrechte zu erlangen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen und Spoofing-Angriffe durchzuführen.
Betroffene Betriebssysteme
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Excel ist ein Tabellenkalkulationsprogramm der Microsoft Office Suite und ist sowohl f\u00fcr Microsoft Windows als auch f\u00fcr Mac OS verf\u00fcgbar.\r\nMicrosoft PowerPoint ist ein Programm zum Erstellen und Vorf\u00fchren von Pr\u00e4sentationen. PowerPoint Viewer ist ein Anzeigeprogramm f\u00fcr PowerPoint Dateien.\r\nMicrosoft Word ist ein Textverarbeitungsprogramm der Firma Microsoft f\u00fcr die Windows-Betriebssysteme.\r\nDie Microsoft Office Suite beinhaltet zahlreiche B\u00fcroanwendungen wie Textverarbeitung, Tabellenkalkulation, Datenbank und weitere Applikationen.\r\nOutlook ist ein Personal Information Manager von Microsoft und ist Bestandteil der Office Suite.\r\nMicrosoft Office Online Server ist ein Serverprodukt, das browserbasierte Versionen von Word, PowerPoint, Excel und OneNote bereitstellt. \r\nMicrosoft Sharepoint Services ist ein Portalsystem f\u00fcr die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u.a. \u00fcber Webseiten zur Verf\u00fcgung gestellt.\r\nMicrosoft Sharepoint ist ein Portalsystem f\u00fcr die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u. a. \u00fcber Webseiten zur Verf\u00fcgung gestellt.\r\nMicrosoft 365 Apps ist eine Office Suite f\u00fcr zahlreiche B\u00fcroanwendungen.\r\nMicrosoft Teams ist ein Kollaborations-, Kommunikations- und Videokonferenz-Tool.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer oder ein lokaler Angreifer kann mehrere Schwachstellen in Microsoft Excel 2016, Microsoft PowerPoint 2016, Microsoft Word 2016, Microsoft Office 2016, Microsoft Outlook 2016, Microsoft Office Online Server, Microsoft SharePoint, Microsoft Office 2019, Microsoft SharePoint Server 2019, Microsoft 365 Apps, Microsoft Teams und Microsoft Office ausnutzen, um Administratorrechte zu erlangen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Spoofing-Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1491 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1491.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1491 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1491"
},
{
"category": "external",
"summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates",
"url": "https://msrc.microsoft.com/update-guide/"
},
{
"category": "external",
"summary": "CISA Known Exploited Vulnerabilities Catalog vom 2025-07-22",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"source_lang": "en-US",
"title": "Microsoft Office: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-07-22T22:00:00.000+00:00",
"generator": {
"date": "2025-07-23T04:56:51.971+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1491",
"initial_release_date": "2025-07-08T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-07-08T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-07-22T22:00:00.000+00:00",
"number": "2",
"summary": "CVE-2025-49704 und CVE-2025-49706 werden ausgenutzt"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Microsoft 365 Apps",
"product": {
"name": "Microsoft 365 Apps",
"product_id": "T045185",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:365_apps:-"
}
}
},
{
"category": "product_name",
"name": "Microsoft Excel 2016",
"product": {
"name": "Microsoft Excel 2016",
"product_id": "T045176",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:excel_2016:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "for Android",
"product": {
"name": "Microsoft Office for Android",
"product_id": "T043649",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:office:for_android"
}
}
},
{
"category": "product_version",
"name": "LTSC for Mac 2021",
"product": {
"name": "Microsoft Office LTSC for Mac 2021",
"product_id": "T045187",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:office:ltsc_for_mac_2021"
}
}
},
{
"category": "product_version",
"name": "LTSC 2021",
"product": {
"name": "Microsoft Office LTSC 2021",
"product_id": "T045188",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:office:ltsc_2021"
}
}
},
{
"category": "product_version",
"name": "LTSC 2024",
"product": {
"name": "Microsoft Office LTSC 2024",
"product_id": "T045191",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:office:ltsc_2024"
}
}
},
{
"category": "product_version",
"name": "LTSC for Mac 2024",
"product": {
"name": "Microsoft Office LTSC for Mac 2024",
"product_id": "T045192",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:office:ltsc_for_mac_2024"
}
}
}
],
"category": "product_name",
"name": "Office"
},
{
"category": "product_name",
"name": "Microsoft Office 2016",
"product": {
"name": "Microsoft Office 2016",
"product_id": "T045179",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:office_2016:-"
}
}
},
{
"category": "product_name",
"name": "Microsoft Office 2019",
"product": {
"name": "Microsoft Office 2019",
"product_id": "T045183",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:office_2019:-"
}
}
},
{
"category": "product_name",
"name": "Microsoft Office Online Server",
"product": {
"name": "Microsoft Office Online Server",
"product_id": "T045181",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:office_online_server:-"
}
}
},
{
"category": "product_name",
"name": "Microsoft Outlook 2016",
"product": {
"name": "Microsoft Outlook 2016",
"product_id": "T045180",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:outlook_2016:-"
}
}
},
{
"category": "product_name",
"name": "Microsoft PowerPoint 2016",
"product": {
"name": "Microsoft PowerPoint 2016",
"product_id": "T045177",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:powerpoint_2016:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Enterprise Server 2016",
"product": {
"name": "Microsoft SharePoint Enterprise Server 2016",
"product_id": "T045182",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:sharepoint:enterprise_server_2016"
}
}
},
{
"category": "product_version",
"name": "Server Subscription Edition",
"product": {
"name": "Microsoft SharePoint Server Subscription Edition",
"product_id": "T045189",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:sharepoint:server_subscription_edition"
}
}
}
],
"category": "product_name",
"name": "SharePoint"
},
{
"category": "product_name",
"name": "Microsoft SharePoint Server 2019",
"product": {
"name": "Microsoft SharePoint Server 2019",
"product_id": "T045184",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:sharepoint_server_2019:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "for Desktop",
"product": {
"name": "Microsoft Teams for Desktop",
"product_id": "T029139",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:teams:for_desktop"
}
}
},
{
"category": "product_version",
"name": "for Mac",
"product": {
"name": "Microsoft Teams for Mac",
"product_id": "T029140",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:teams:for_mac"
}
}
},
{
"category": "product_version",
"name": "for iOS",
"product": {
"name": "Microsoft Teams for iOS",
"product_id": "T045186",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:teams:for_ios"
}
}
},
{
"category": "product_version",
"name": "for Android",
"product": {
"name": "Microsoft Teams for Android",
"product_id": "T045190",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:teams:for_android"
}
}
}
],
"category": "product_name",
"name": "Teams"
},
{
"category": "product_name",
"name": "Microsoft Word 2016",
"product": {
"name": "Microsoft Word 2016",
"product_id": "T045178",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:word_2016:-"
}
}
}
],
"category": "vendor",
"name": "Microsoft"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47994",
"product_status": {
"known_affected": [
"T045190",
"T045181",
"T045192",
"T029140",
"T045180",
"T045191",
"T045183",
"T045182",
"T043649",
"T045185",
"T045184",
"T045176",
"T045187",
"T029139",
"T045186",
"T045178",
"T045189",
"T045177",
"T045188",
"T045179"
]
},
"release_date": "2025-07-08T22:00:00.000+00:00",
"title": "CVE-2025-47994"
},
{
"cve": "CVE-2025-48812",
"product_status": {
"known_affected": [
"T045190",
"T045181",
"T045192",
"T029140",
"T045180",
"T045191",
"T045183",
"T045182",
"T043649",
"T045185",
"T045184",
"T045176",
"T045187",
"T029139",
"T045186",
"T045178",
"T045189",
"T045177",
"T045188",
"T045179"
]
},
"release_date": "2025-07-08T22:00:00.000+00:00",
"title": "CVE-2025-48812"
},
{
"cve": "CVE-2025-49695",
"product_status": {
"known_affected": [
"T045190",
"T045181",
"T045192",
"T029140",
"T045180",
"T045191",
"T045183",
"T045182",
"T043649",
"T045185",
"T045184",
"T045176",
"T045187",
"T029139",
"T045186",
"T045178",
"T045189",
"T045177",
"T045188",
"T045179"
]
},
"release_date": "2025-07-08T22:00:00.000+00:00",
"title": "CVE-2025-49695"
},
{
"cve": "CVE-2025-49696",
"product_status": {
"known_affected": [
"T045190",
"T045181",
"T045192",
"T029140",
"T045180",
"T045191",
"T045183",
"T045182",
"T043649",
"T045185",
"T045184",
"T045176",
"T045187",
"T029139",
"T045186",
"T045178",
"T045189",
"T045177",
"T045188",
"T045179"
]
},
"release_date": "2025-07-08T22:00:00.000+00:00",
"title": "CVE-2025-49696"
},
{
"cve": "CVE-2025-49697",
"product_status": {
"known_affected": [
"T045190",
"T045181",
"T045192",
"T029140",
"T045180",
"T045191",
"T045183",
"T045182",
"T043649",
"T045185",
"T045184",
"T045176",
"T045187",
"T029139",
"T045186",
"T045178",
"T045189",
"T045177",
"T045188",
"T045179"
]
},
"release_date": "2025-07-08T22:00:00.000+00:00",
"title": "CVE-2025-49697"
},
{
"cve": "CVE-2025-49698",
"product_status": {
"known_affected": [
"T045190",
"T045181",
"T045192",
"T029140",
"T045180",
"T045191",
"T045183",
"T045182",
"T043649",
"T045185",
"T045184",
"T045176",
"T045187",
"T029139",
"T045186",
"T045178",
"T045189",
"T045177",
"T045188",
"T045179"
]
},
"release_date": "2025-07-08T22:00:00.000+00:00",
"title": "CVE-2025-49698"
},
{
"cve": "CVE-2025-49699",
"product_status": {
"known_affected": [
"T045190",
"T045181",
"T045192",
"T029140",
"T045180",
"T045191",
"T045183",
"T045182",
"T043649",
"T045185",
"T045184",
"T045176",
"T045187",
"T029139",
"T045186",
"T045178",
"T045189",
"T045177",
"T045188",
"T045179"
]
},
"release_date": "2025-07-08T22:00:00.000+00:00",
"title": "CVE-2025-49699"
},
{
"cve": "CVE-2025-49700",
"product_status": {
"known_affected": [
"T045190",
"T045181",
"T045192",
"T029140",
"T045180",
"T045191",
"T045183",
"T045182",
"T043649",
"T045185",
"T045184",
"T045176",
"T045187",
"T029139",
"T045186",
"T045178",
"T045189",
"T045177",
"T045188",
"T045179"
]
},
"release_date": "2025-07-08T22:00:00.000+00:00",
"title": "CVE-2025-49700"
},
{
"cve": "CVE-2025-49701",
"product_status": {
"known_affected": [
"T045190",
"T045181",
"T045192",
"T029140",
"T045180",
"T045191",
"T045183",
"T045182",
"T043649",
"T045185",
"T045184",
"T045176",
"T045187",
"T029139",
"T045186",
"T045178",
"T045189",
"T045177",
"T045188",
"T045179"
]
},
"release_date": "2025-07-08T22:00:00.000+00:00",
"title": "CVE-2025-49701"
},
{
"cve": "CVE-2025-49702",
"product_status": {
"known_affected": [
"T045190",
"T045181",
"T045192",
"T029140",
"T045180",
"T045191",
"T045183",
"T045182",
"T043649",
"T045185",
"T045184",
"T045176",
"T045187",
"T029139",
"T045186",
"T045178",
"T045189",
"T045177",
"T045188",
"T045179"
]
},
"release_date": "2025-07-08T22:00:00.000+00:00",
"title": "CVE-2025-49702"
},
{
"cve": "CVE-2025-49703",
"product_status": {
"known_affected": [
"T045190",
"T045181",
"T045192",
"T029140",
"T045180",
"T045191",
"T045183",
"T045182",
"T043649",
"T045185",
"T045184",
"T045176",
"T045187",
"T029139",
"T045186",
"T045178",
"T045189",
"T045177",
"T045188",
"T045179"
]
},
"release_date": "2025-07-08T22:00:00.000+00:00",
"title": "CVE-2025-49703"
},
{
"cve": "CVE-2025-49704",
"product_status": {
"known_affected": [
"T045190",
"T045181",
"T045192",
"T029140",
"T045180",
"T045191",
"T045183",
"T045182",
"T043649",
"T045185",
"T045184",
"T045176",
"T045187",
"T029139",
"T045186",
"T045178",
"T045189",
"T045177",
"T045188",
"T045179"
]
},
"release_date": "2025-07-08T22:00:00.000+00:00",
"title": "CVE-2025-49704"
},
{
"cve": "CVE-2025-49705",
"product_status": {
"known_affected": [
"T045190",
"T045181",
"T045192",
"T029140",
"T045180",
"T045191",
"T045183",
"T045182",
"T043649",
"T045185",
"T045184",
"T045176",
"T045187",
"T029139",
"T045186",
"T045178",
"T045189",
"T045177",
"T045188",
"T045179"
]
},
"release_date": "2025-07-08T22:00:00.000+00:00",
"title": "CVE-2025-49705"
},
{
"cve": "CVE-2025-49706",
"product_status": {
"known_affected": [
"T045190",
"T045181",
"T045192",
"T029140",
"T045180",
"T045191",
"T045183",
"T045182",
"T043649",
"T045185",
"T045184",
"T045176",
"T045187",
"T029139",
"T045186",
"T045178",
"T045189",
"T045177",
"T045188",
"T045179"
]
},
"release_date": "2025-07-08T22:00:00.000+00:00",
"title": "CVE-2025-49706"
},
{
"cve": "CVE-2025-49711",
"product_status": {
"known_affected": [
"T045190",
"T045181",
"T045192",
"T029140",
"T045180",
"T045191",
"T045183",
"T045182",
"T043649",
"T045185",
"T045184",
"T045176",
"T045187",
"T029139",
"T045186",
"T045178",
"T045189",
"T045177",
"T045188",
"T045179"
]
},
"release_date": "2025-07-08T22:00:00.000+00:00",
"title": "CVE-2025-49711"
},
{
"cve": "CVE-2025-49731",
"product_status": {
"known_affected": [
"T045190",
"T045181",
"T045192",
"T029140",
"T045180",
"T045191",
"T045183",
"T045182",
"T043649",
"T045185",
"T045184",
"T045176",
"T045187",
"T029139",
"T045186",
"T045178",
"T045189",
"T045177",
"T045188",
"T045179"
]
},
"release_date": "2025-07-08T22:00:00.000+00:00",
"title": "CVE-2025-49731"
},
{
"cve": "CVE-2025-49737",
"product_status": {
"known_affected": [
"T045190",
"T045181",
"T045192",
"T029140",
"T045180",
"T045191",
"T045183",
"T045182",
"T043649",
"T045185",
"T045184",
"T045176",
"T045187",
"T029139",
"T045186",
"T045178",
"T045189",
"T045177",
"T045188",
"T045179"
]
},
"release_date": "2025-07-08T22:00:00.000+00:00",
"title": "CVE-2025-49737"
},
{
"cve": "CVE-2025-49756",
"product_status": {
"known_affected": [
"T045190",
"T045181",
"T045192",
"T029140",
"T045180",
"T045191",
"T045183",
"T045182",
"T043649",
"T045185",
"T045184",
"T045176",
"T045187",
"T029139",
"T045186",
"T045178",
"T045189",
"T045177",
"T045188",
"T045179"
]
},
"release_date": "2025-07-08T22:00:00.000+00:00",
"title": "CVE-2025-49756"
}
]
}
CNVD-2025-16875
Vulnerability from cnvd - Published: 2025-07-21
VLAI Severity ?
Title
Microsoft Office 365加密问题漏洞
Description
Microsoft Office 365是美国微软(Microsoft)公司的一款办公软件套件产品。该产品常用组件包括Word、Excel、Access、Powerpoint、FrontPage等。
Microsoft Office 365存在安全漏洞。攻击者利用该漏洞可以绕过某些功能。
Severity
低
Patch Name
Microsoft Office 365加密问题漏洞的补丁
Patch Description
Microsoft Office 365是美国微软(Microsoft)公司的一款办公软件套件产品。该产品常用组件包括Word、Excel、Access、Powerpoint、FrontPage等。
Microsoft Office 365存在安全漏洞。攻击者利用该漏洞可以绕过某些功能。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49756
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-49756
Impacted products
| Name | Microsoft 365 Apps for Enterprise |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-49756",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-49756"
}
},
"description": "Microsoft Office 365\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u529e\u516c\u8f6f\u4ef6\u5957\u4ef6\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u5e38\u7528\u7ec4\u4ef6\u5305\u62ecWord\u3001Excel\u3001Access\u3001Powerpoint\u3001FrontPage\u7b49\u3002\n\nMicrosoft Office 365\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u7ed5\u8fc7\u67d0\u4e9b\u529f\u80fd\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49756",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2025-16875",
"openTime": "2025-07-21",
"patchDescription": "Microsoft Office 365\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u529e\u516c\u8f6f\u4ef6\u5957\u4ef6\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u5e38\u7528\u7ec4\u4ef6\u5305\u62ecWord\u3001Excel\u3001Access\u3001Powerpoint\u3001FrontPage\u7b49\u3002\r\n\r\nMicrosoft Office 365\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u7ed5\u8fc7\u67d0\u4e9b\u529f\u80fd\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Microsoft Office 365\u52a0\u5bc6\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Microsoft 365 Apps for Enterprise"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-49756",
"serverity": "\u4f4e",
"submitTime": "2025-07-21",
"title": "Microsoft Office 365\u52a0\u5bc6\u95ee\u9898\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…