Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-55317 (GCVE-0-2025-55317)
Vulnerability from cvelistv5 – Published: 2025-09-09 17:01 – Updated: 2026-02-26 17:48
VLAI
EPSS
Title
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
Summary
Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
Severity
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft AutoUpdate for Mac |
Affected:
4.0.0 , < 4.80
(custom)
|
Date Public
2025-09-09 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T03:56:00.703029Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:56.092Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft AutoUpdate for Mac",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.80",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:autoupdate:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "4.80",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-09-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper link resolution before file access (\u0027link following\u0027) in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T16:00:36.629Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55317"
}
],
"title": "Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-55317",
"datePublished": "2025-09-09T17:01:07.872Z",
"dateReserved": "2025-08-12T20:19:59.422Z",
"dateUpdated": "2026-02-26T17:48:56.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-55317",
"date": "2026-05-27",
"epss": "0.00135",
"percentile": "0.32934"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-55317\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2025-09-09T17:16:07.767\",\"lastModified\":\"2025-09-12T14:51:32.717\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper link resolution before file access (\u0027link following\u0027) in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:autoupdate:*:*:*:*:*:macos:*:*\",\"versionEndExcluding\":\"4.80\",\"matchCriteriaId\":\"41E56BCD-1BB6-4074-A02C-4AB056DFC407\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55317\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-55317\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-10T03:56:00.703029Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-09T17:44:27.737Z\"}}], \"cna\": {\"title\": \"Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Microsoft AutoUpdate for Mac\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0.0\", \"lessThan\": \"4.80\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2025-09-09T07:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55317\", \"name\": \"Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Improper link resolution before file access (\u0027link following\u0027) in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-59\", \"description\": \"CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:autoupdate:*:*:*:*:*:macos:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.80\", \"versionStartIncluding\": \"4.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2026-02-20T16:00:36.629Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-55317\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-26T17:48:56.092Z\", \"dateReserved\": \"2025-08-12T20:19:59.422Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2025-09-09T17:01:07.872Z\", \"assignerShortName\": \"microsoft\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2025-AVI-0780
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (CU 20) versions antérieures à 16.0.4212.1 | ||
| Microsoft | N/A | Microsoft SharePoint Server 2019 versions antérieures à 16.0.10417.20047 | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (CU 31) versions antérieures à 14.0.3505.1 | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 (GDR) versions antérieures à 13.0.6470.1 | ||
| Microsoft | N/A | Microsoft HPC Pack 2019 versions antérieures à 6.3.8352 Quick Fix QFE | ||
| Microsoft | N/A | Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.19127.20100 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (GDR) versions antérieures à 15.0.2145.1 | ||
| Microsoft | N/A | Xbox Gaming Services versions antérieures à 30.104.13001.0. | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (GDR) versions antérieures à 16.0.1150.1 | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (GDR) versions antérieures à 14.0.2085.1 | ||
| Microsoft | N/A | Microsoft AutoUpdate pour Mac versions antérieures à 4.80 | ||
| Microsoft | N/A | Microsoft SharePoint Enterprise Server 2016 versions antérieures à 16.0.5517.1000 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (CU 32) versions antérieures à 15.0.4445.1 | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 Azure Connect Feature Pack versions antérieures à 13.0.7065.1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (CU 20) versions ant\u00e9rieures \u00e0 16.0.4212.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019 versions ant\u00e9rieures \u00e0 16.0.10417.20047",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (CU 31) versions ant\u00e9rieures \u00e0 14.0.3505.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 (GDR) versions ant\u00e9rieures \u00e0 13.0.6470.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft HPC Pack 2019 versions ant\u00e9rieures \u00e0 6.3.8352 Quick Fix QFE",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server Subscription Edition versions ant\u00e9rieures \u00e0 16.0.19127.20100",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 15.0.2145.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Xbox Gaming Services versions ant\u00e9rieures \u00e0 30.104.13001.0.",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 16.0.1150.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 14.0.2085.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft AutoUpdate pour Mac versions ant\u00e9rieures \u00e0 4.80",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016 versions ant\u00e9rieures \u00e0 16.0.5517.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (CU 32) versions ant\u00e9rieures \u00e0 15.0.4445.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 Azure Connect Feature Pack versions ant\u00e9rieures \u00e0 13.0.7065.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-54897",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54897"
},
{
"name": "CVE-2025-47997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47997"
},
{
"name": "CVE-2025-55317",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55317"
},
{
"name": "CVE-2024-21907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21907"
},
{
"name": "CVE-2025-55227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55227"
},
{
"name": "CVE-2025-55232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55232"
},
{
"name": "CVE-2025-54905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54905"
},
{
"name": "CVE-2025-55245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55245"
},
{
"name": "CVE-2025-54906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54906"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0780",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54897",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54897"
},
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-47997",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47997"
},
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-55227",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55227"
},
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21907",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21907"
},
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-47997",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47997"
},
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54906",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54906"
},
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54905",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54905"
},
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21907",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21907"
},
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-55317",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55317"
},
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-55245",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55245"
},
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-55232",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55232"
},
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-55227",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55227"
}
]
}
CERTFR-2025-AVI-0780
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (CU 20) versions antérieures à 16.0.4212.1 | ||
| Microsoft | N/A | Microsoft SharePoint Server 2019 versions antérieures à 16.0.10417.20047 | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (CU 31) versions antérieures à 14.0.3505.1 | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 (GDR) versions antérieures à 13.0.6470.1 | ||
| Microsoft | N/A | Microsoft HPC Pack 2019 versions antérieures à 6.3.8352 Quick Fix QFE | ||
| Microsoft | N/A | Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.19127.20100 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (GDR) versions antérieures à 15.0.2145.1 | ||
| Microsoft | N/A | Xbox Gaming Services versions antérieures à 30.104.13001.0. | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (GDR) versions antérieures à 16.0.1150.1 | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (GDR) versions antérieures à 14.0.2085.1 | ||
| Microsoft | N/A | Microsoft AutoUpdate pour Mac versions antérieures à 4.80 | ||
| Microsoft | N/A | Microsoft SharePoint Enterprise Server 2016 versions antérieures à 16.0.5517.1000 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (CU 32) versions antérieures à 15.0.4445.1 | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 Azure Connect Feature Pack versions antérieures à 13.0.7065.1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (CU 20) versions ant\u00e9rieures \u00e0 16.0.4212.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019 versions ant\u00e9rieures \u00e0 16.0.10417.20047",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (CU 31) versions ant\u00e9rieures \u00e0 14.0.3505.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 (GDR) versions ant\u00e9rieures \u00e0 13.0.6470.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft HPC Pack 2019 versions ant\u00e9rieures \u00e0 6.3.8352 Quick Fix QFE",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server Subscription Edition versions ant\u00e9rieures \u00e0 16.0.19127.20100",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 15.0.2145.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Xbox Gaming Services versions ant\u00e9rieures \u00e0 30.104.13001.0.",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 16.0.1150.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 14.0.2085.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft AutoUpdate pour Mac versions ant\u00e9rieures \u00e0 4.80",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016 versions ant\u00e9rieures \u00e0 16.0.5517.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (CU 32) versions ant\u00e9rieures \u00e0 15.0.4445.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 Azure Connect Feature Pack versions ant\u00e9rieures \u00e0 13.0.7065.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-54897",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54897"
},
{
"name": "CVE-2025-47997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47997"
},
{
"name": "CVE-2025-55317",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55317"
},
{
"name": "CVE-2024-21907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21907"
},
{
"name": "CVE-2025-55227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55227"
},
{
"name": "CVE-2025-55232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55232"
},
{
"name": "CVE-2025-54905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54905"
},
{
"name": "CVE-2025-55245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55245"
},
{
"name": "CVE-2025-54906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54906"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0780",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54897",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54897"
},
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-47997",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47997"
},
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-55227",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55227"
},
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21907",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21907"
},
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-47997",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47997"
},
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54906",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54906"
},
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54905",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54905"
},
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21907",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21907"
},
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-55317",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55317"
},
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-55245",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55245"
},
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-55232",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55232"
},
{
"published_at": "2025-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-55227",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55227"
}
]
}
BDU:2025-11095
Vulnerability from fstec - Published: 09.09.2025
VLAI
Title
Уязвимость приложения автоматического обновления продуктов MS Office Microsoft AutoUpdate (MAU) for Mac, связанная с неверным определением ссылки перед доступом к файлу, позволяющая нарушителю повысить свои привилегии
Description
Уязвимость приложения автоматического обновления продуктов MS Office Microsoft AutoUpdate (MAU) for Mac связана с неверным определением ссылки перед доступом к файлу. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии
Severity
Vendor
Microsoft Corp
Software Name
Microsoft AutoUpdate
Software Version
до 4.80 (Microsoft AutoUpdate)
Possible Mitigations
Использование рекомендаций производителя:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55317
Reference
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55317
CWE
CWE-59
{
"CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 4.80 (Microsoft AutoUpdate)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55317",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "09.09.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "15.09.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.09.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-11095",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-55317",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Microsoft AutoUpdate",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 MS Office Microsoft AutoUpdate (MAU) for Mac, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435\u043c \u0441\u0441\u044b\u043b\u043a\u0438 \u043f\u0435\u0440\u0435\u0434 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0444\u0430\u0439\u043b\u0443, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435 \u0441\u0441\u044b\u043b\u043a\u0438 \u043f\u0435\u0440\u0435\u0434 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0444\u0430\u0439\u043b\u0443 (CWE-59)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 MS Office Microsoft AutoUpdate (MAU) for Mac \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435\u043c \u0441\u0441\u044b\u043b\u043a\u0438 \u043f\u0435\u0440\u0435\u0434 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0444\u0430\u0439\u043b\u0443. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55317",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-59",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}
FKIE_CVE-2025-55317
Vulnerability from fkie_nvd - Published: 2025-09-09 17:16 - Updated: 2025-09-12 14:51
Severity
Summary
Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55317 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | autoupdate | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:autoupdate:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "41E56BCD-1BB6-4074-A02C-4AB056DFC407",
"versionEndExcluding": "4.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper link resolution before file access (\u0027link following\u0027) in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally."
}
],
"id": "CVE-2025-55317",
"lastModified": "2025-09-12T14:51:32.717",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-09-09T17:16:07.767",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55317"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
GHSA-9F84-FG53-W8Q5
Vulnerability from github – Published: 2025-09-09 18:31 – Updated: 2025-09-09 18:31
VLAI
Details
Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
Severity
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2025-55317"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-09T17:16:07Z",
"severity": "HIGH"
},
"details": "Improper link resolution before file access (\u0027link following\u0027) in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-9f84-fg53-w8q5",
"modified": "2025-09-09T18:31:23Z",
"published": "2025-09-09T18:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55317"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55317"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
MSRC_CVE-2025-55317
Vulnerability from csaf_microsoft - Published: 2025-09-09 00:00 - Updated: 2025-09-09 00:00Summary
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
Severity
Important
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.
CWE-59
- Improper Link Resolution Before File Access ('Link Following')
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft AutoUpdate for Mac 4.80
Microsoft AutoUpdate for Mac
|
4.80 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft AutoUpdate for Mac <4.80
Microsoft AutoUpdate for Mac
|
<4.80 |
Vendor Fix
fix
|
Threats
Impact
Elevation of Privilege
Exploit Status
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
References
7 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
},
{
"category": "general",
"text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
"title": "Customer Action"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55317 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55317"
},
{
"category": "self",
"summary": "CVE-2025-55317 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-55317.json"
},
{
"category": "external",
"summary": "Microsoft Exploitability Index",
"url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability",
"tracking": {
"current_release_date": "2025-09-09T00:00:00.000Z",
"generator": {
"date": "2026-02-20T16:00:01.163Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-55317",
"initial_release_date": "2025-09-09T00:00:00.000Z",
"revision_history": [
{
"date": "2025-09-09T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.80",
"product": {
"name": "Microsoft AutoUpdate for Mac \u003c4.80",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "4.80",
"product": {
"name": "Microsoft AutoUpdate for Mac 4.80",
"product_id": "10949"
}
}
],
"category": "product_name",
"name": "Microsoft AutoUpdate for Mac"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55317",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"notes": [
{
"category": "general",
"text": "Microsoft",
"title": "Assigning CNA"
},
{
"category": "faq",
"text": "An attacker who successfully exploits this vulnerability could elevate their privileges to perform commands as Root in the target environment.",
"title": "What privileges could be gained by an attacker who successfully exploited the vulnerability?"
},
{
"category": "faq",
"text": "A user can download an installer and before the user runs the installer, the attacker could replace it with a malicious installer. When the victim runs the malicious installer the attacker could elevate their privileges.",
"title": "How could an attacker exploit this vulnerability?"
}
],
"product_status": {
"fixed": [
"10949"
],
"known_affected": [
"1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55317 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55317"
},
{
"category": "self",
"summary": "CVE-2025-55317 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-55317.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-09T00:00:00.000Z",
"details": "4.80:Security Update:https://support.office.com/en-us/article/Check-for-Office-for-Mac-updates-automatically-bfd1e497-c24d-4754-92ab-910a4074d7c1",
"product_ids": [
"1"
],
"url": "https://support.office.com/en-us/article/Check-for-Office-for-Mac-updates-automatically-bfd1e497-c24d-4754-92ab-910a4074d7c1"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Elevation of Privilege"
},
{
"category": "exploit_status",
"details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely"
}
],
"title": "Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability"
}
]
}
NCSC-2025-0278
Vulnerability from csaf_ncscnl - Published: 2025-09-09 18:23 - Updated: 2025-09-09 18:23Summary
Kwetsbaarheden verholpen in Microsoft Office
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Microsoft heeft kwetsbaarheden verholpen in diverse Office producten.
Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Uitvoeren van willekeurige code (Gebruikersrechten)
- Toegang tot gevoelige gegevens
- Verkrijgen van verhoogde rechten
- Voordoen als andere gebruiker
Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide bestand te openen of link te volgen.
```
Microsoft Office:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2025-54906 | 7.80 | Uitvoeren van willekeurige code |
| CVE-2025-55243 | 7.50 | Voordoen als andere gebruiker |
| CVE-2025-54910 | 8.40 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Microsoft Office Word:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2025-54905 | 7.10 | Toegang tot gevoelige gegevens |
|----------------|------|-------------------------------------|
Microsoft Office Visio:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2025-54907 | 7.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Windows Imaging Component:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2025-53799 | 5.50 | Toegang tot gevoelige gegevens |
|----------------|------|-------------------------------------|
Microsoft Office PowerPoint:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2025-54908 | 7.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Microsoft AutoUpdate (MAU):
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2025-55317 | 7.80 | Verkrijgen van verhoogde rechten |
|----------------|------|-------------------------------------|
Microsoft Office SharePoint:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2025-54897 | 8.80 | Uitvoeren van willekeurige code |
|----------------|------|-------------------------------------|
Microsoft Office Excel:
|----------------|------|-------------------------------------|
| CVE-ID | CVSS | Impact |
|----------------|------|-------------------------------------|
| CVE-2025-54896 | 7.80 | Uitvoeren van willekeurige code |
| CVE-2025-54898 | 7.80 | Uitvoeren van willekeurige code |
| CVE-2025-54899 | 7.80 | Uitvoeren van willekeurige code |
| CVE-2025-54902 | 7.80 | Uitvoeren van willekeurige code |
| CVE-2025-54903 | 7.80 | Uitvoeren van willekeurige code |
| CVE-2025-54904 | 7.80 | Uitvoeren van willekeurige code |
| CVE-2025-54900 | 7.80 | Uitvoeren van willekeurige code |
| CVE-2025-54901 | 5.50 | Toegang tot gevoelige gegevens |
|----------------|------|-------------------------------------|
```
Oplossingen: Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:
https://portal.msrc.microsoft.com/en-us/security-guidance
Kans: medium
Schade: high
CWE-59: Improper Link Resolution Before File Access ('Link Following')
CWE-122: Heap-based Buffer Overflow
CWE-125: Out-of-bounds Read
CWE-126: Buffer Over-read
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-416: Use After Free
CWE-502: Deserialization of Untrusted Data
CWE-590: Free of Memory not on the Heap
CWE-822: Untrusted Pointer Dereference
CWE-908: Use of Uninitialized Resource
7.8 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft AutoUpdate for Mac
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft OfficePLUS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
7.8 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft AutoUpdate for Mac
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft OfficePLUS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
7.8 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft AutoUpdate for Mac
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft OfficePLUS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
7.8 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft AutoUpdate for Mac
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft OfficePLUS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
7.8 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft AutoUpdate for Mac
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft OfficePLUS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
7.8 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft AutoUpdate for Mac
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft OfficePLUS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
7.8 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft AutoUpdate for Mac
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft OfficePLUS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
7.1 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft AutoUpdate for Mac
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft OfficePLUS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
7.8 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft AutoUpdate for Mac
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft OfficePLUS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
7.8 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft AutoUpdate for Mac
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft OfficePLUS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
7.8 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft AutoUpdate for Mac
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft OfficePLUS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
5.5 (Medium)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft AutoUpdate for Mac
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft OfficePLUS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
8.4 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft AutoUpdate for Mac
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft OfficePLUS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
8.8 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft AutoUpdate for Mac
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft OfficePLUS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
CWE-200
- Exposure of Sensitive Information to an Unauthorized Actor
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft AutoUpdate for Mac
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft OfficePLUS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
7.8 (High)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft AutoUpdate for Mac
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft OfficePLUS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
5.5 (Medium)
Affected products
Known affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Microsoft / Microsoft 365 Apps for Enterprise
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft AutoUpdate for Mac
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Excel 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2021
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office LTSC for Mac 2024
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Office for Android
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft OfficePLUS
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft PowerPoint 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Enterprise Server 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server 2019
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft SharePoint Server Subscription Edition
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Microsoft Word 2016
|
vers:unknown/* | ||
|
vers:unknown/*
Microsoft / Office Online Server
|
vers:unknown/* |
References
17 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Microsoft heeft kwetsbaarheden verholpen in diverse Office producten.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Uitvoeren van willekeurige code (Gebruikersrechten)\n- Toegang tot gevoelige gegevens\n- Verkrijgen van verhoogde rechten\n- Voordoen als andere gebruiker\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide bestand te openen of link te volgen.\n\n```\nMicrosoft Office: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2025-54906 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2025-55243 | 7.50 | Voordoen als andere gebruiker | \n| CVE-2025-54910 | 8.40 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Word: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2025-54905 | 7.10 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Visio: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2025-54907 | 7.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nWindows Imaging Component: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2025-53799 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office PowerPoint: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2025-54908 | 7.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft AutoUpdate (MAU): \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2025-55317 | 7.80 | Verkrijgen van verhoogde rechten | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office SharePoint: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2025-54897 | 8.80 | Uitvoeren van willekeurige code | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Excel: \n|----------------|------|-------------------------------------|\n| CVE-ID | CVSS | Impact |\n|----------------|------|-------------------------------------|\n| CVE-2025-54896 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2025-54898 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2025-54899 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2025-54902 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2025-54903 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2025-54904 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2025-54900 | 7.80 | Uitvoeren van willekeurige code | \n| CVE-2025-54901 | 5.50 | Toegang tot gevoelige gegevens | \n|----------------|------|-------------------------------------|\n```",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"title": "CWE-59"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Free of Memory not on the Heap",
"title": "CWE-590"
},
{
"category": "general",
"text": "Untrusted Pointer Dereference",
"title": "CWE-822"
},
{
"category": "general",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"title": "Kwetsbaarheden verholpen in Microsoft Office",
"tracking": {
"current_release_date": "2025-09-09T18:23:23.763765Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0278",
"initial_release_date": "2025-09-09T18:23:23.763765Z",
"revision_history": [
{
"date": "2025-09-09T18:23:23.763765Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Microsoft 365 Apps for Enterprise"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Microsoft AutoUpdate for Mac"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Microsoft Excel 2016"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Microsoft Office 2016"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Microsoft Office 2019"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC 2021"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC 2024"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC for Mac 2021"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Microsoft Office LTSC for Mac 2024"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Microsoft Office for Android"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Microsoft OfficePLUS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Microsoft PowerPoint 2016"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Microsoft SharePoint Enterprise Server 2016"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Microsoft SharePoint Server 2019"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "Microsoft SharePoint Server Subscription Edition"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Microsoft Word 2016"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Office Online Server"
}
],
"category": "vendor",
"name": "Microsoft"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-54896",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54896 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54896.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-54896"
},
{
"cve": "CVE-2025-54898",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54898 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54898.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-54898"
},
{
"cve": "CVE-2025-54902",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54902 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54902.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-54902"
},
{
"cve": "CVE-2025-54903",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54903 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54903.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-54903"
},
{
"cve": "CVE-2025-54904",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54904 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54904.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-54904"
},
{
"cve": "CVE-2025-54900",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54900 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54900.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-54900"
},
{
"cve": "CVE-2025-54899",
"cwe": {
"id": "CWE-590",
"name": "Free of Memory not on the Heap"
},
"notes": [
{
"category": "other",
"text": "Free of Memory not on the Heap",
"title": "CWE-590"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54899 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54899.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-54899"
},
{
"cve": "CVE-2025-54905",
"cwe": {
"id": "CWE-822",
"name": "Untrusted Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "Untrusted Pointer Dereference",
"title": "CWE-822"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54905 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54905.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-54905"
},
{
"cve": "CVE-2025-54906",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54906 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54906.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-54906"
},
{
"cve": "CVE-2025-54907",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54907 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54907.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-54907"
},
{
"cve": "CVE-2025-54908",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54908 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54908.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-54908"
},
{
"cve": "CVE-2025-54901",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "other",
"text": "Buffer Over-read",
"title": "CWE-126"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54901 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54901.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-54901"
},
{
"cve": "CVE-2025-54910",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54910 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54910.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-54910"
},
{
"cve": "CVE-2025-54897",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54897 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54897.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-54897"
},
{
"cve": "CVE-2025-55243",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55243 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55243.json"
}
],
"title": "CVE-2025-55243"
},
{
"cve": "CVE-2025-55317",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"title": "CWE-59"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55317 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55317.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-55317"
},
{
"cve": "CVE-2025-53799",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53799 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53799.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17"
]
}
],
"title": "CVE-2025-53799"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…