CVEDB API

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 39.4%

CVSS Severity

CVSS v3 Score 7.8

References

Products affected by CVE-2025-49702

Microsoft » 365 Apps » Version: N/A

cpe:2.3:a:microsoft:365_apps:-
Microsoft » 365 Copilot » Version: N/A

cpe:2.3:a:microsoft:365_copilot:-
Microsoft » Office » Version: 2016

cpe:2.3:a:microsoft:office:2016
Microsoft » Office » Version: 2019

cpe:2.3:a:microsoft:office:2019
Microsoft » Office Long Term Servicing Channel » Version: 2021

cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021
Microsoft » Office Long Term Servicing Channel » Version: 2024

cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024