Vulnerability-Lookup

WID-SEC-W-2025-1017

Vulnerability from csaf_certbund - Published: 2025-05-13 22:00 - Updated: 2025-05-15 22:00

Summary

Microsoft Office: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Die Microsoft Office Suite beinhaltet zahlreiche Büroanwendungen wie Textverarbeitung, Tabellenkalkulation, Datenbank und weitere Applikationen. Microsoft Sharepoint Services ist ein Portalsystem für die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u.a. über Webseiten zur Verfügung gestellt.

Angriff: Ein Angreifer kann mehrere Schwachstellen in verschiedenen Microsoft Office Produkten und Microsoft SharePoint ausnutzen, um seine Privilegien zu erweitern oder beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme: - Android - MacOS X - Windows

CVE-2025-29976

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	for Universal
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024

CVE-2025-29977

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	for Universal
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024

CVE-2025-29978

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	for Universal
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024

CVE-2025-29979

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	for Universal
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024

CVE-2025-30375

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	for Universal
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024

CVE-2025-30376

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	for Universal
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024

CVE-2025-30377

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	for Universal
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024

CVE-2025-30378

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	for Universal
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024

CVE-2025-30379

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	for Universal
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024

CVE-2025-30381

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	for Universal
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024

CVE-2025-30382

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	for Universal
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024

CVE-2025-30383

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	for Universal
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024

CVE-2025-30384

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	for Universal
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024

CVE-2025-30386

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	for Universal
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024

CVE-2025-30388

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	for Universal
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024

CVE-2025-30393

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	for Universal
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024

CVE-2025-32704

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	for Universal
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024

CVE-2025-32705

Affected products

Known affected 14 products

Product	Identifier	Version
Microsoft Office for Android Microsoft / Office	`cpe:/a:microsoft:office:for_android`	for Android
Microsoft Excel 2016 Microsoft	`cpe:/a:microsoft:excel_2016:-`	—
Microsoft Office Online Server Microsoft	`cpe:/a:microsoft:office_online_server:-`	—
Microsoft Office LTSC for Mac 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2024`	LTSC for Mac 2024
Microsoft SharePoint Enterprise Server 2016 Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:enterprise_server_2016`	Enterprise Server 2016
Microsoft Office 2019 Microsoft	`cpe:/a:microsoft:office_2019:-`	—
Microsoft SharePoint Server 2019 Microsoft	`cpe:/a:microsoft:sharepoint_server_2019:-`	—
Microsoft 365 Apps Microsoft	`cpe:/a:microsoft:365_apps:-`	—
Microsoft Office LTSC for Mac 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_for_mac_2021`	LTSC for Mac 2021
Microsoft Office LTSC 2021 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2021`	LTSC 2021
Microsoft SharePoint Server Subscription Edition Microsoft / SharePoint	`cpe:/a:microsoft:sharepoint:server_subscription_edition`	Server Subscription Edition
Microsoft Office for Universal Microsoft / Office	`cpe:/a:microsoft:office:for_universal`	for Universal
Microsoft Office 2016 Microsoft	`cpe:/a:microsoft:office_2016:-`	—
Microsoft Office LTSC 2024 Microsoft / Office	`cpe:/a:microsoft:office:ltsc_2024`	LTSC 2024

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://msrc.microsoft.com/update-guide/	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Microsoft Office Suite beinhaltet zahlreiche B\u00fcroanwendungen wie Textverarbeitung, Tabellenkalkulation, Datenbank und weitere Applikationen.\r\nMicrosoft Sharepoint Services ist ein Portalsystem f\u00fcr die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u.a. \u00fcber Webseiten zur Verf\u00fcgung gestellt.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in verschiedenen Microsoft Office Produkten und Microsoft SharePoint ausnutzen, um seine Privilegien zu erweitern oder beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Android\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1017 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1017.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1017 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1017"
      },
      {
        "category": "external",
        "summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates",
        "url": "https://msrc.microsoft.com/update-guide/"
      }
    ],
    "source_lang": "en-US",
    "title": "Microsoft Office: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-05-15T22:00:00.000+00:00",
      "generator": {
        "date": "2025-05-16T05:34:16.692+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-1017",
      "initial_release_date": "2025-05-13T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-05-13T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-05-15T22:00:00.000+00:00",
          "number": "2",
          "summary": "Anpassung Schadensh\u00f6he-Bewertung"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Microsoft 365 Apps",
            "product": {
              "name": "Microsoft 365 Apps",
              "product_id": "T043645",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:365_apps:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Excel 2016",
            "product": {
              "name": "Microsoft Excel 2016",
              "product_id": "T043639",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:excel_2016:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "LTSC for Mac 2021",
                "product": {
                  "name": "Microsoft Office LTSC for Mac 2021",
                  "product_id": "T043646",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:ltsc_for_mac_2021"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "LTSC 2021",
                "product": {
                  "name": "Microsoft Office LTSC 2021",
                  "product_id": "T043647",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:ltsc_2021"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "for Android",
                "product": {
                  "name": "Microsoft Office for Android",
                  "product_id": "T043649",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:for_android"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "for Universal",
                "product": {
                  "name": "Microsoft Office for Universal",
                  "product_id": "T043650",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:for_universal"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "LTSC 2024",
                "product": {
                  "name": "Microsoft Office LTSC 2024",
                  "product_id": "T043651",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:ltsc_2024"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "LTSC for Mac 2024",
                "product": {
                  "name": "Microsoft Office LTSC for Mac 2024",
                  "product_id": "T043652",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:office:ltsc_for_mac_2024"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Office"
          },
          {
            "category": "product_name",
            "name": "Microsoft Office 2016",
            "product": {
              "name": "Microsoft Office 2016",
              "product_id": "T043640",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:office_2016:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Office 2019",
            "product": {
              "name": "Microsoft Office 2019",
              "product_id": "T043643",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:office_2019:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Office Online Server",
            "product": {
              "name": "Microsoft Office Online Server",
              "product_id": "T043641",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:office_online_server:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Enterprise Server 2016",
                "product": {
                  "name": "Microsoft SharePoint Enterprise Server 2016",
                  "product_id": "T043642",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:sharepoint:enterprise_server_2016"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Server Subscription Edition",
                "product": {
                  "name": "Microsoft SharePoint Server Subscription Edition",
                  "product_id": "T043648",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:sharepoint:server_subscription_edition"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SharePoint"
          },
          {
            "category": "product_name",
            "name": "Microsoft SharePoint Server 2019",
            "product": {
              "name": "Microsoft SharePoint Server 2019",
              "product_id": "T043644",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:sharepoint_server_2019:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-29976",
      "product_status": {
        "known_affected": [
          "T043649",
          "T043639",
          "T043641",
          "T043652",
          "T043642",
          "T043643",
          "T043644",
          "T043645",
          "T043646",
          "T043647",
          "T043648",
          "T043650",
          "T043640",
          "T043651"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-29976"
    },
    {
      "cve": "CVE-2025-29977",
      "product_status": {
        "known_affected": [
          "T043649",
          "T043639",
          "T043641",
          "T043652",
          "T043642",
          "T043643",
          "T043644",
          "T043645",
          "T043646",
          "T043647",
          "T043648",
          "T043650",
          "T043640",
          "T043651"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-29977"
    },
    {
      "cve": "CVE-2025-29978",
      "product_status": {
        "known_affected": [
          "T043649",
          "T043639",
          "T043641",
          "T043652",
          "T043642",
          "T043643",
          "T043644",
          "T043645",
          "T043646",
          "T043647",
          "T043648",
          "T043650",
          "T043640",
          "T043651"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-29978"
    },
    {
      "cve": "CVE-2025-29979",
      "product_status": {
        "known_affected": [
          "T043649",
          "T043639",
          "T043641",
          "T043652",
          "T043642",
          "T043643",
          "T043644",
          "T043645",
          "T043646",
          "T043647",
          "T043648",
          "T043650",
          "T043640",
          "T043651"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-29979"
    },
    {
      "cve": "CVE-2025-30375",
      "product_status": {
        "known_affected": [
          "T043649",
          "T043639",
          "T043641",
          "T043652",
          "T043642",
          "T043643",
          "T043644",
          "T043645",
          "T043646",
          "T043647",
          "T043648",
          "T043650",
          "T043640",
          "T043651"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-30375"
    },
    {
      "cve": "CVE-2025-30376",
      "product_status": {
        "known_affected": [
          "T043649",
          "T043639",
          "T043641",
          "T043652",
          "T043642",
          "T043643",
          "T043644",
          "T043645",
          "T043646",
          "T043647",
          "T043648",
          "T043650",
          "T043640",
          "T043651"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-30376"
    },
    {
      "cve": "CVE-2025-30377",
      "product_status": {
        "known_affected": [
          "T043649",
          "T043639",
          "T043641",
          "T043652",
          "T043642",
          "T043643",
          "T043644",
          "T043645",
          "T043646",
          "T043647",
          "T043648",
          "T043650",
          "T043640",
          "T043651"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-30377"
    },
    {
      "cve": "CVE-2025-30378",
      "product_status": {
        "known_affected": [
          "T043649",
          "T043639",
          "T043641",
          "T043652",
          "T043642",
          "T043643",
          "T043644",
          "T043645",
          "T043646",
          "T043647",
          "T043648",
          "T043650",
          "T043640",
          "T043651"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-30378"
    },
    {
      "cve": "CVE-2025-30379",
      "product_status": {
        "known_affected": [
          "T043649",
          "T043639",
          "T043641",
          "T043652",
          "T043642",
          "T043643",
          "T043644",
          "T043645",
          "T043646",
          "T043647",
          "T043648",
          "T043650",
          "T043640",
          "T043651"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-30379"
    },
    {
      "cve": "CVE-2025-30381",
      "product_status": {
        "known_affected": [
          "T043649",
          "T043639",
          "T043641",
          "T043652",
          "T043642",
          "T043643",
          "T043644",
          "T043645",
          "T043646",
          "T043647",
          "T043648",
          "T043650",
          "T043640",
          "T043651"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-30381"
    },
    {
      "cve": "CVE-2025-30382",
      "product_status": {
        "known_affected": [
          "T043649",
          "T043639",
          "T043641",
          "T043652",
          "T043642",
          "T043643",
          "T043644",
          "T043645",
          "T043646",
          "T043647",
          "T043648",
          "T043650",
          "T043640",
          "T043651"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-30382"
    },
    {
      "cve": "CVE-2025-30383",
      "product_status": {
        "known_affected": [
          "T043649",
          "T043639",
          "T043641",
          "T043652",
          "T043642",
          "T043643",
          "T043644",
          "T043645",
          "T043646",
          "T043647",
          "T043648",
          "T043650",
          "T043640",
          "T043651"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-30383"
    },
    {
      "cve": "CVE-2025-30384",
      "product_status": {
        "known_affected": [
          "T043649",
          "T043639",
          "T043641",
          "T043652",
          "T043642",
          "T043643",
          "T043644",
          "T043645",
          "T043646",
          "T043647",
          "T043648",
          "T043650",
          "T043640",
          "T043651"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-30384"
    },
    {
      "cve": "CVE-2025-30386",
      "product_status": {
        "known_affected": [
          "T043649",
          "T043639",
          "T043641",
          "T043652",
          "T043642",
          "T043643",
          "T043644",
          "T043645",
          "T043646",
          "T043647",
          "T043648",
          "T043650",
          "T043640",
          "T043651"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-30386"
    },
    {
      "cve": "CVE-2025-30388",
      "product_status": {
        "known_affected": [
          "T043649",
          "T043639",
          "T043641",
          "T043652",
          "T043642",
          "T043643",
          "T043644",
          "T043645",
          "T043646",
          "T043647",
          "T043648",
          "T043650",
          "T043640",
          "T043651"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-30388"
    },
    {
      "cve": "CVE-2025-30393",
      "product_status": {
        "known_affected": [
          "T043649",
          "T043639",
          "T043641",
          "T043652",
          "T043642",
          "T043643",
          "T043644",
          "T043645",
          "T043646",
          "T043647",
          "T043648",
          "T043650",
          "T043640",
          "T043651"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-30393"
    },
    {
      "cve": "CVE-2025-32704",
      "product_status": {
        "known_affected": [
          "T043649",
          "T043639",
          "T043641",
          "T043652",
          "T043642",
          "T043643",
          "T043644",
          "T043645",
          "T043646",
          "T043647",
          "T043648",
          "T043650",
          "T043640",
          "T043651"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-32704"
    },
    {
      "cve": "CVE-2025-32705",
      "product_status": {
        "known_affected": [
          "T043649",
          "T043639",
          "T043641",
          "T043652",
          "T043642",
          "T043643",
          "T043644",
          "T043645",
          "T043646",
          "T043647",
          "T043648",
          "T043650",
          "T043640",
          "T043651"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-32705"
    }
  ]
}

CVE-2025-29976 (GCVE-0-2025-29976)

Vulnerability from cvelistv5 – Published: 2025-05-13 16:58 – Updated: 2026-02-13 19:20

Title

Microsoft SharePoint Server Elevation of Privilege Vulnerability

Summary

Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-269 - Improper Privilege Management

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

3 products

Vendor	Product	Version
Microsoft	Microsoft SharePoint Enterprise Server 2016	Affected: 16.0.0 , < 16.0.5500.1001 (custom)
Microsoft	Microsoft SharePoint Server 2019	Affected: 16.0.0 , < 16.0.10417.20010 (custom)
Microsoft	Microsoft SharePoint Server Subscription Edition	Affected: 16.0.0 , < 16.0.18526.20286 (custom)

Date Public ?

2025-05-13 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-29976",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-13T18:45:13.957329Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-13T18:45:21.700Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Enterprise Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5500.1001",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10417.20010",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server Subscription Edition",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.18526.20286",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "16.0.5500.1001",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.10417.20010",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                  "versionEndExcluding": "16.0.18526.20286",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-05-13T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269: Improper Privilege Management",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T19:20:57.326Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft SharePoint Server Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29976"
        }
      ],
      "title": "Microsoft SharePoint Server Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-29976",
    "datePublished": "2025-05-13T16:58:36.558Z",
    "dateReserved": "2025-03-12T17:54:45.711Z",
    "dateUpdated": "2026-02-13T19:20:57.326Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-29977 (GCVE-0-2025-29977)

Vulnerability from cvelistv5 – Published: 2025-05-13 16:58 – Updated: 2026-02-13 19:20

Title

Microsoft Excel Remote Code Execution Vulnerability

Summary

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-416 - Use After Free

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

8 products

Vendor	Product	Version
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Excel 2016	Affected: 16.0.0.0 , < 16.0.5500.1000 (custom)
Microsoft	Microsoft Office 2019	Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2024	Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC for Mac 2021	Affected: 16.0.1 , < 16.97.25042725 (custom)
Microsoft	Microsoft Office LTSC for Mac 2024	Affected: 16.0.0 , < 16.97.25042725 (custom)
Microsoft	Office Online Server	Affected: 16.0.0.0 , < 16.0.10417.20010 (custom)

Date Public ?

2025-05-13 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-29977",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-13T18:39:59.972083Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-13T18:40:09.874Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Excel 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5500.1000",
              "status": "affected",
              "version": "16.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office LTSC for Mac 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.97.25042725",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office LTSC for Mac 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.97.25042725",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Office Online Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10417.20010",
              "status": "affected",
              "version": "16.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                  "versionEndExcluding": "16.0.10417.20010",
                  "versionStartIncluding": "16.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                  "versionEndExcluding": "16.97.25042725",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                  "versionEndExcluding": "16.97.25042725",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "16.0.5500.1000",
                  "versionStartIncluding": "16.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-05-13T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T19:20:57.990Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Excel Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29977"
        }
      ],
      "title": "Microsoft Excel Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-29977",
    "datePublished": "2025-05-13T16:58:37.218Z",
    "dateReserved": "2025-03-12T17:54:45.711Z",
    "dateUpdated": "2026-02-13T19:20:57.990Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-29978 (GCVE-0-2025-29978)

Vulnerability from cvelistv5 – Published: 2025-05-13 16:58 – Updated: 2026-02-13 19:20

Title

Microsoft PowerPoint Remote Code Execution Vulnerability

Summary

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-416 - Use After Free

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

2 products

Vendor	Product	Version
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2024	Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)

Date Public ?

2025-05-13 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-29978",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-13T18:26:11.467228Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-13T18:26:20.099Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-05-13T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T19:20:58.585Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft PowerPoint Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29978"
        }
      ],
      "title": "Microsoft PowerPoint Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-29978",
    "datePublished": "2025-05-13T16:58:37.759Z",
    "dateReserved": "2025-03-12T17:54:45.711Z",
    "dateUpdated": "2026-02-13T19:20:58.585Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-29979 (GCVE-0-2025-29979)

Vulnerability from cvelistv5 – Published: 2025-05-13 16:58 – Updated: 2026-02-13 19:20

Title

Microsoft Excel Remote Code Execution Vulnerability

Summary

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

8 products

Vendor	Product	Version
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office 2016	Affected: 16.0.0 , < 16.0.5500.1000 (custom)
Microsoft	Microsoft Office 2019	Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2024	Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC for Mac 2021	Affected: 16.0.1 , < 16.97.25042725 (custom)
Microsoft	Microsoft Office LTSC for Mac 2024	Affected: 16.0.0 , < 16.97.25042725 (custom)
Microsoft	Office Online Server	Affected: 16.0.0.0 , < 16.0.10417.20010 (custom)

Date Public ?

2025-05-13 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-29979",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-13T18:25:47.030113Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-13T18:25:53.916Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5500.1000",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office LTSC for Mac 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.97.25042725",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office LTSC for Mac 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.97.25042725",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Office Online Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10417.20010",
              "status": "affected",
              "version": "16.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                  "versionEndExcluding": "16.0.10417.20010",
                  "versionStartIncluding": "16.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                  "versionEndExcluding": "16.97.25042725",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                  "versionEndExcluding": "16.97.25042725",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "16.0.5500.1000",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-05-13T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T19:20:59.172Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Excel Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29979"
        }
      ],
      "title": "Microsoft Excel Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-29979",
    "datePublished": "2025-05-13T16:58:38.313Z",
    "dateReserved": "2025-03-12T17:54:45.711Z",
    "dateUpdated": "2026-02-13T19:20:59.172Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-30375 (GCVE-0-2025-30375)

Vulnerability from cvelistv5 – Published: 2025-05-13 16:58 – Updated: 2026-02-26 18:28

Title

Microsoft Excel Remote Code Execution Vulnerability

Summary

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

8 products

Vendor	Product	Version
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Excel 2016	Affected: 16.0.0.0 , < 16.0.5500.1000 (custom)
Microsoft	Microsoft Office 2019	Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2024	Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC for Mac 2021	Affected: 16.0.1 , < 16.97.25042725 (custom)
Microsoft	Microsoft Office LTSC for Mac 2024	Affected: 16.0.0 , < 16.97.25042725 (custom)
Microsoft	Office Online Server	Affected: 16.0.0.0 , < 16.0.10417.20010 (custom)

Date Public ?

2025-05-13 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30375",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-14T04:00:48.200317Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:28:33.844Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Excel 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5500.1000",
              "status": "affected",
              "version": "16.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office LTSC for Mac 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.97.25042725",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office LTSC for Mac 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.97.25042725",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Office Online Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10417.20010",
              "status": "affected",
              "version": "16.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                  "versionEndExcluding": "16.0.10417.20010",
                  "versionStartIncluding": "16.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                  "versionEndExcluding": "16.97.25042725",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                  "versionEndExcluding": "16.97.25042725",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "16.0.5500.1000",
                  "versionStartIncluding": "16.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-05-13T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Access of resource using incompatible type (\u0027type confusion\u0027) in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-843",
              "description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T19:20:59.666Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Excel Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30375"
        }
      ],
      "title": "Microsoft Excel Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-30375",
    "datePublished": "2025-05-13T16:58:39.168Z",
    "dateReserved": "2025-03-21T19:09:29.813Z",
    "dateUpdated": "2026-02-26T18:28:33.844Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-30376 (GCVE-0-2025-30376)

Vulnerability from cvelistv5 – Published: 2025-05-13 16:58 – Updated: 2026-02-13 19:21

Title

Microsoft Excel Remote Code Execution Vulnerability

Summary

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-122 - Heap-based Buffer Overflow
CWE-125 - Out-of-bounds Read

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

8 products

Vendor	Product	Version
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Excel 2016	Affected: 16.0.0.0 , < 16.0.5500.1000 (custom)
Microsoft	Microsoft Office 2019	Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2024	Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC for Mac 2021	Affected: 16.0.1 , < 16.97.25042725 (custom)
Microsoft	Microsoft Office LTSC for Mac 2024	Affected: 16.0.0 , < 16.97.25042725 (custom)
Microsoft	Office Online Server	Affected: 16.0.0.0 , < 16.0.10417.20010 (custom)

Date Public ?

2025-05-13 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30376",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-13T18:24:25.347082Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-13T18:24:36.274Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Excel 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5500.1000",
              "status": "affected",
              "version": "16.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office LTSC for Mac 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.97.25042725",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office LTSC for Mac 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.97.25042725",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Office Online Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10417.20010",
              "status": "affected",
              "version": "16.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                  "versionEndExcluding": "16.0.10417.20010",
                  "versionStartIncluding": "16.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                  "versionEndExcluding": "16.97.25042725",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                  "versionEndExcluding": "16.97.25042725",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "16.0.5500.1000",
                  "versionStartIncluding": "16.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-05-13T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            },
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T19:21:00.320Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Excel Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30376"
        }
      ],
      "title": "Microsoft Excel Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-30376",
    "datePublished": "2025-05-13T16:58:40.109Z",
    "dateReserved": "2025-03-21T19:09:29.814Z",
    "dateUpdated": "2026-02-13T19:21:00.320Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-30377 (GCVE-0-2025-30377)

Vulnerability from cvelistv5 – Published: 2025-05-13 16:58 – Updated: 2026-02-13 19:21

Title

Microsoft Office Remote Code Execution Vulnerability

Summary

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Severity ?

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-416 - Use After Free

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

8 products

Vendor	Product	Version
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office 2016	Affected: 16.0.0 , < 16.0.5500.1002 (custom)
Microsoft	Microsoft Office 2019	Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office for Android	Affected: 16.0.1 , < 16.0.18827.20000 (custom)
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2024	Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC for Mac 2021	Affected: 16.0.1 , < 16.97.25042725 (custom)
Microsoft	Microsoft Office LTSC for Mac 2024	Affected: 16.0.0 , < 16.97.25042725 (custom)

Date Public ?

2025-05-13 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30377",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-13T18:23:49.728814Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-13T18:23:58.683Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5500.1002",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office for Android",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.18827.20000",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office LTSC for Mac 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.97.25042725",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office LTSC for Mac 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.97.25042725",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                  "versionEndExcluding": "16.97.25042725",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office:*:*:android:*:*:*:*:*",
                  "versionEndExcluding": "16.0.18827.20000",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                  "versionEndExcluding": "16.97.25042725",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "16.0.5500.1002",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-05-13T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Use after free in Microsoft Office allows an unauthorized attacker to execute code locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T19:21:00.850Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Office Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30377"
        }
      ],
      "title": "Microsoft Office Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-30377",
    "datePublished": "2025-05-13T16:58:40.672Z",
    "dateReserved": "2025-03-21T19:09:29.814Z",
    "dateUpdated": "2026-02-13T19:21:00.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-30378 (GCVE-0-2025-30378)

Vulnerability from cvelistv5 – Published: 2025-05-13 16:58 – Updated: 2026-02-13 19:21

Title

Microsoft SharePoint Server Remote Code Execution Vulnerability

Summary

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

Severity ?

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-502 - Deserialization of Untrusted Data

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

3 products

Vendor	Product	Version
Microsoft	Microsoft SharePoint Enterprise Server 2016	Affected: 16.0.0 , < 16.0.5500.1001 (custom)
Microsoft	Microsoft SharePoint Server 2019	Affected: 16.0.0 , < 16.0.10417.20010 (custom)
Microsoft	Microsoft SharePoint Server Subscription Edition	Affected: 16.0.0 , < 16.0.18526.20286 (custom)

Date Public ?

2025-05-13 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30378",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-13T18:21:59.417103Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-13T18:22:50.099Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Enterprise Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5500.1001",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10417.20010",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server Subscription Edition",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.18526.20286",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "16.0.5500.1001",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.0.10417.20010",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
                  "versionEndExcluding": "16.0.18526.20286",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-05-13T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502: Deserialization of Untrusted Data",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T19:21:01.408Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft SharePoint Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30378"
        }
      ],
      "title": "Microsoft SharePoint Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-30378",
    "datePublished": "2025-05-13T16:58:41.341Z",
    "dateReserved": "2025-03-21T19:09:29.814Z",
    "dateUpdated": "2026-02-13T19:21:01.408Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-30379 (GCVE-0-2025-30379)

Vulnerability from cvelistv5 – Published: 2025-05-13 16:58 – Updated: 2026-02-13 19:21

Title

Microsoft Excel Remote Code Execution Vulnerability

Summary

Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-763 - Release of Invalid Pointer or Reference

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

8 products

Vendor	Product	Version
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Excel 2016	Affected: 16.0.0.0 , < 16.0.5500.1000 (custom)
Microsoft	Microsoft Office 2019	Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2024	Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC for Mac 2021	Affected: 16.0.1 , < 16.97.25042725 (custom)
Microsoft	Microsoft Office LTSC for Mac 2024	Affected: 16.0.0 , < 16.97.25042725 (custom)
Microsoft	Office Online Server	Affected: 16.0.0.0 , < 16.0.10417.20010 (custom)

Date Public ?

2025-05-13 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30379",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-13T18:21:23.418123Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-13T18:21:31.261Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Excel 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5500.1000",
              "status": "affected",
              "version": "16.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office LTSC for Mac 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.97.25042725",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office LTSC for Mac 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.97.25042725",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Office Online Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10417.20010",
              "status": "affected",
              "version": "16.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                  "versionEndExcluding": "16.0.10417.20010",
                  "versionStartIncluding": "16.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                  "versionEndExcluding": "16.97.25042725",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                  "versionEndExcluding": "16.97.25042725",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "16.0.5500.1000",
                  "versionStartIncluding": "16.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-05-13T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-763",
              "description": "CWE-763: Release of Invalid Pointer or Reference",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T19:21:02.150Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Excel Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30379"
        }
      ],
      "title": "Microsoft Excel Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-30379",
    "datePublished": "2025-05-13T16:58:41.975Z",
    "dateReserved": "2025-03-21T19:09:29.814Z",
    "dateUpdated": "2026-02-13T19:21:02.150Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-30381 (GCVE-0-2025-30381)

Vulnerability from cvelistv5 – Published: 2025-05-13 16:58 – Updated: 2026-02-13 19:21

Title

Microsoft Excel Remote Code Execution Vulnerability

Summary

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-125 - Out-of-bounds Read
CWE-822 - Untrusted Pointer Dereference

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

8 products

Vendor	Product	Version
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Excel 2016	Affected: 16.0.0.0 , < 16.0.5500.1000 (custom)
Microsoft	Microsoft Office 2019	Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2021	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC 2024	Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Microsoft	Microsoft Office LTSC for Mac 2021	Affected: 16.0.1 , < 16.97.25042725 (custom)
Microsoft	Microsoft Office LTSC for Mac 2024	Affected: 16.0.0 , < 16.97.25042725 (custom)
Microsoft	Office Online Server	Affected: 16.0.0.0 , < 16.0.10417.20010 (custom)

Date Public ?

2025-05-13 07:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30381",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-13T18:39:31.802369Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-13T18:39:39.928Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Excel 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5500.1000",
              "status": "affected",
              "version": "16.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office LTSC for Mac 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.97.25042725",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Microsoft Office LTSC for Mac 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.97.25042725",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Office Online Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10417.20010",
              "status": "affected",
              "version": "16.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:ltsc:*:*:*",
                  "versionEndExcluding": "16.0.10417.20010",
                  "versionStartIncluding": "16.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
                  "versionEndExcluding": "16.97.25042725",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
                  "versionEndExcluding": "16.97.25042725",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "16.0.5500.1000",
                  "versionStartIncluding": "16.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-05-13T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en-US",
              "type": "CWE"
            },
            {
              "cweId": "CWE-822",
              "description": "CWE-822: Untrusted Pointer Dereference",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T19:21:02.632Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Excel Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30381"
        }
      ],
      "title": "Microsoft Excel Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-30381",
    "datePublished": "2025-05-13T16:58:42.618Z",
    "dateReserved": "2025-03-21T19:09:29.814Z",
    "dateUpdated": "2026-02-13T19:21:02.632Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-1017

CVE-2025-29976 (GCVE-0-2025-29976)

CVE-2025-29977 (GCVE-0-2025-29977)

CVE-2025-29978 (GCVE-0-2025-29978)

CVE-2025-29979 (GCVE-0-2025-29979)

CVE-2025-30375 (GCVE-0-2025-30375)

CVE-2025-30376 (GCVE-0-2025-30376)

CVE-2025-30377 (GCVE-0-2025-30377)

CVE-2025-30378 (GCVE-0-2025-30378)

CVE-2025-30379 (GCVE-0-2025-30379)

CVE-2025-30381 (GCVE-0-2025-30381)

Tags

Sightings

Nomenclature