CVEDB API

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 17.9%

CVSS Severity

CVSS v3 Score 8.4

References

Products affected by CVE-2025-49697

Microsoft » 365 Apps » Version: N/A

cpe:2.3:a:microsoft:365_apps:-
Microsoft » Office » Version: N/A

cpe:2.3:a:microsoft:office:-
Microsoft » Office » Version: 2016

cpe:2.3:a:microsoft:office:2016
Microsoft » Office » Version: 2019

cpe:2.3:a:microsoft:office:2019
Microsoft » Office Long Term Servicing Channel » Version: 2021

cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021
Microsoft » Office Long Term Servicing Channel » Version: 2024

cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024
Microsoft » Office Online Server » Version: N/A

cpe:2.3:a:microsoft:office_online_server:-
Microsoft » Office Online Server » Version: 1.0

cpe:2.3:a:microsoft:office_online_server:1.0
Microsoft » Office Online Server » Version: 16.0.10410.20003

cpe:2.3:a:microsoft:office_online_server:16.0.10410.20003
Microsoft » Office Online Server » Version: 16.0.10414.20000

cpe:2.3:a:microsoft:office_online_server:16.0.10414.20000
Microsoft » Office Online Server » Version: 16.0.10416.20047

cpe:2.3:a:microsoft:office_online_server:16.0.10416.20047
Microsoft » Office Online Server » Version: 16.0.10416.20058

cpe:2.3:a:microsoft:office_online_server:16.0.10416.20058