CVEDB API

Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 19.0%

CVSS Severity

CVSS v3 Score 7.8

References

Products affected by CVE-2025-54906

Microsoft » 365 Apps » Version: N/A

cpe:2.3:a:microsoft:365_apps:-
Microsoft » Office » Version: 2016

cpe:2.3:a:microsoft:office:2016
Microsoft » Office » Version: 2019

cpe:2.3:a:microsoft:office:2019
Microsoft » Office Long Term Servicing Channel » Version: 2021

cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021
Microsoft » Office Long Term Servicing Channel » Version: 2024

cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024
Microsoft » Sharepoint Server » Version: 2016

cpe:2.3:a:microsoft:sharepoint_server:2016
Microsoft » Sharepoint Server » Version: 2019

cpe:2.3:a:microsoft:sharepoint_server:2019