About “Microsoft Office”

A curated feed of “Microsoft Office”-related CVEs appears below. We currently track 1815 CVEs for this tag (all time). In the last 365 days, 254 were published. Average CVSS is 7.5 (all time; 7.5 over 365d), and 68% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long-term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.
2025-12-09
High

CVE-2025-62558

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

High

CVE-2025-62557

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

High

CVE-2025-62556

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

High

CVE-2025-62555

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

High

CVE-2025-62554

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

High

CVE-2025-62553

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

High

CVE-2025-62552

Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute code locally.

2025-12-08
Low

CVE-2025-66334

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.

Low

CVE-2025-66333

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.

Low

CVE-2025-66332

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.

Low

CVE-2025-66331

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.

2025-12-04
High

CVE-2025-11838

A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service (DoS) condition in the Mobile User VPN with IKEv2 and the Branch Offic…

2025-11-28
Medium

CVE-2025-64313

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.

2025-11-27
Medium

CVE-2025-30190

Malicious content at office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the users account, including exfiltration of sens…

2025-11-19
Medium

CVE-2025-65089

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to version 1.27.0, a user with no view rights on a page may see the content of an off…

Medium

CVE-2025-13396

A weakness has been identified in code-projects Courier Management System 1.0. This affects an unknown function of the file /add-office.php. This manipulation of the argument OfficeName causes sql in…

2025-11-11
High

CVE-2025-62216

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

High

CVE-2025-62205

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

High

CVE-2025-62204

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

High

CVE-2025-62203

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

High

CVE-2025-62202

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

High

CVE-2025-62201

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

High

CVE-2025-62200

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

High

CVE-2025-62199

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Medium

CVE-2025-60728

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

High

CVE-2025-60727

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

High

CVE-2025-60726

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Medium

CVE-2025-59240

Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

2025-11-10
High

CVE-2025-12865

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents.

High

CVE-2025-12864

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents.

2025-10-30
Medium

CVE-2025-10348

URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed…

2025-10-14
High

CVE-2025-59243

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

High

CVE-2025-59238

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

High

CVE-2025-59237

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

High

CVE-2025-59236

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

High

CVE-2025-59235

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

High

CVE-2025-59234

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

High

CVE-2025-59233

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

High

CVE-2025-59232

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

High

CVE-2025-59231

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Medium

CVE-2025-59229

Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally.

High

CVE-2025-59228

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

High

CVE-2025-59227

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

High

CVE-2025-59226

Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.

High

CVE-2025-59225

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

High

CVE-2025-59224

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

High

CVE-2025-59223

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

High

CVE-2025-59222

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

High

CVE-2025-59221

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

2025-10-11
Low

CVE-2025-58292

Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.

Low

CVE-2025-58291

Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.

Low

CVE-2025-58290

Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.

Medium

CVE-2025-58288

Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.

High

CVE-2025-58287

Use After Free (UAF) vulnerability in the office service. Successful exploitation of this vulnerability may affect service confidentiality.

Low

CVE-2025-58286

Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.

2025-09-22
Medium

CVE-2025-10777

A flaw has been found in JSC R7 R7-Office Document Server up to 20250820. Impacted is an unknown function of the file /downloadas/. Executing manipulation of the argument cmd can lead to path travers…

2025-09-19
Medium

CVE-2025-10718

A vulnerability was found in Ooma Office Business Phone App up to 7.2.2 on Android. This affects an unknown part of the component com.ooma.office2. The manipulation results in improper export of andr…

2025-09-17
Critical

CVE-2025-9242

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 an…

2025-09-09
High

CVE-2025-55243

Exposure of sensitive information to an unauthorized actor in Microsoft Office Plus allows an unauthorized attacker to perform spoofing over a network.

High

CVE-2025-54910

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

High

CVE-2025-54908

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

High

CVE-2025-54907

Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally.

High

CVE-2025-54906

Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally.

High

CVE-2025-54905

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

High

CVE-2025-54904

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

High

CVE-2025-54903

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

High

CVE-2025-54902

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Medium

CVE-2025-54901

Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

High

CVE-2025-54900

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

High

CVE-2025-54899

Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

High

CVE-2025-54898

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

High

CVE-2025-54897

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

High

CVE-2025-54896

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

2025-09-03
Medium

CVE-2025-9219

The Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more plugin for WordPress is vulnerable to unauthorize…

2025-08-21
Medium

CVE-2025-53505

Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a path traversal vulnerability. If this vulnerability is exploited, information on the server hosting the…

Medium

CVE-2025-53504

Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be execu…

2025-08-12
High

CVE-2025-53784

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

High

CVE-2025-53761

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

High

CVE-2025-53760

Server-side request forgery (SSRF) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.

High

CVE-2025-53759

Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

High

CVE-2025-53741

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

High

CVE-2025-53740

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

High

CVE-2025-53739

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

High

CVE-2025-53738

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

High

CVE-2025-53737

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Medium

CVE-2025-53736

Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

High

CVE-2025-53735

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

High

CVE-2025-53734

Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.

High

CVE-2025-53733

Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.

High

CVE-2025-53732

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

High

CVE-2025-53731

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

High

CVE-2025-53730

Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.

High

CVE-2025-49712

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

2025-08-10
Medium

CVE-2025-8806

A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been classified as critical. This affects an unknown part of the file /adpweb/a/sys/office/…

2025-07-20
Medium

CVE-2025-53771

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

2025-07-08
Low

CVE-2025-49756

Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally.

High

CVE-2025-49711

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Medium

CVE-2025-49706

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

High

CVE-2025-49705

Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

High

CVE-2025-49704

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

High

CVE-2025-49703

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

High

CVE-2025-49702

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

High

CVE-2025-49701

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

High

CVE-2025-49700

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

High

CVE-2025-49699

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

High

CVE-2025-49698

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

High

CVE-2025-49697

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

High

CVE-2025-49696

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

High

CVE-2025-49695

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Medium

CVE-2025-48812

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

High

CVE-2025-47994

Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.

2025-07-03
Medium

CVE-2025-45938

Akeles Out of Office Assistant for Jira 4.0.1 is vulnerable to Cross Site Scripting (XSS) via the Jira fullName parameter.

2025-06-26
Critical

CVE-2025-34046

An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly val…

2025-06-17
Medium

CVE-2025-48993

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatti…

2025-06-16
Medium

CVE-2025-48992

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a stored and blind cross-site scripting (XSS) vulnerability exists in the Nam…

2025-06-11
High

CVE-2025-32717

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

2025-06-10
High

CVE-2025-47957

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

High

CVE-2025-47953

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

High

CVE-2025-47176

'.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally.

High

CVE-2025-47175

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.