AI description
CVE-2025-54906 is a remote code execution (RCE) vulnerability in Microsoft Office that stems from freeing memory not on the heap. It can be triggered by maliciously crafted Office files, and successful exploitation could allow an attacker to execute arbitrary code in the context of the current user. To achieve local code execution, an attacker would need prior access to the target system or would need to convince a user to open a specially crafted file. Microsoft has released patches to address this vulnerability.
- Description: Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally.
- Source: secure@microsoft.com
- NVD status: Analyzed
- Products: 365_apps, office, office_long_term_servicing_channel, sharepoint_server
CVSS 3.1
- Type: Primary
- Base score: 7.8
- Impact score: 5.9
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity: HIGH
- secure@microsoft.com: CWE-416
- nvd@nist.gov: NVD-CWE-Other
- Hype score: Not currently trending
Critical Microsoft Office vulnerabilities allow attackers to execute malicious code CVE-2025-54910 CVE-2025-54906 https://t.co/3tuGnirysr https://t.co/7SATMvzpQG
@elhackernet
13 Sept 2025
10971 Impressions
56 Retweets
180 Likes
56 Bookmarks
2 Replies
1 Quote
🛡️Critical Microsoft Office Vulnerabilities Tracked as CVE-2025-54910 (Critical), CVE-2025-54906 (Important) ✅Immediate Actions- Install the latest Office updates: Microsoft has released patches ✅Disable 'Preview Pane' in File Explorer: triggered by previewing malicious
@girlsboysintech
11 Sept 2025
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️Critical Microsoft Office Vulnerabilities Tracked as CVE-2025-54910 (Critical), CVE-2025-54906 (Important) ✅Immediate Actions- Install the latest Office updates: Microsoft has released patches ✅Disable 'Preview Pane' in File Explorer: triggered by previewing malicious
@girlsboysintech
11 Sept 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Recently, 2 vulnerabilities with the identifiers CVE-2025-54910 and CVE-2025-54906 have been published for Microsoft Office. These two vulnerabilities give the hacker full control of the victim's system and the execution of
@AmirHossein_sec
11 Sept 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️Critical Microsoft Office Vulnerabilities Tracked as CVE-2025-54910 (Critical), CVE-2025-54906 (Important) ✅Immediate Actions- Install the latest Office updates: Microsoft has released patches ✅Disable 'Preview Pane' in File Explorer: triggered by previewing malicious
@girlsboysintech
11 Sept 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54906 Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally. https://t.co/uzlPllug7i
@CVEnew
9 Sept 2025
233 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"
},
{
"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "CD25F492-9272-4836-832C-8439EBE64CCF"
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "72324216-4EB3-4243-A007-FEF3133C7DF9"
},
{
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "0FBB0E61-7997-4F26-9C07-54912D3F1C10"
},
{
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "CF5DDD09-902E-4881-98D0-CB896333B4AA"
},
{
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "26A3B226-5D7C-4556-9350-5222DC8EFC2C"
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*",
"vulnerable": true,
"matchCriteriaId": "851BAC4E-9965-4F40-9A6C-B73D9004F4C1"
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*",
"vulnerable": true,
"matchCriteriaId": "23B2FA23-76F4-4D83-A718-B8D04D7EA37B"
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*",
"vulnerable": true,
"matchCriteriaId": "BF0E8112-5B6F-4E55-8E40-38ADCF6FC654"
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*",
"vulnerable": true,
"matchCriteriaId": "D31E509A-0B2E-4B41-88C4-0099E800AFE6"
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*",
"vulnerable": true,
"matchCriteriaId": "017A7041-BEF1-4E4E-AC8A-EFC6AFEB01FE"
},
{
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*",
"vulnerable": true,
"matchCriteriaId": "EF3E56B5-E6A6-4061-9380-D421E52B9199"
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F815EF1D-7B60-47BE-9AC2-2548F99F10E4"
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E"
}
],
"operator": "OR"
}
]
}
]