CVEDB API

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.5%

CVSS Severity

CVSS v3 Score 7.1

References

Products affected by CVE-2025-54905

Microsoft » 365 Apps » Version: N/A

cpe:2.3:a:microsoft:365_apps:-
Microsoft » Office » Version: 2019

cpe:2.3:a:microsoft:office:2019
Microsoft » Office Long Term Servicing Channel » Version: 2021

cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021
Microsoft » Office Long Term Servicing Channel » Version: 2024

cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024
Microsoft » Sharepoint Enterprise Server » Version: 2016

cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016
Microsoft » Sharepoint Server » Version: 2019

cpe:2.3:a:microsoft:sharepoint_server:2019
Microsoft » Word » Version: 2016

cpe:2.3:a:microsoft:word:2016