CVE-2025-47994 — Deserialization of untrusted data in Microsoft Office allows an unauthorized att... | CVE Daily

High CVSS 7.8

Overview

Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.

CWE: CWE-502 Published: 2025-07-08T17:15:41.020

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.8 (HIGH)
Detected tags: deserialization, unauth_access (tag impact: HIGH)

Recommended actions:

Avoid untrusted deserialization; prefer safe formats (JSON) and signatures.
Enforce authentication/authorization; reduce default endpoint exposure.

Recommended tools

Tags