cvelistv5 - cve-2025-30379

CVE-2025-30379 (GCVE-0-2025-30379)

Vulnerability from cvelistv5

Published

2025-05-13 16:58

Modified

2025-09-10 00:09

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-763 - Release of Invalid Pointer or Reference

Summary

Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

References

URL

fkie_cve-2025-30379

Vulnerability from fkie_nvd

Published

2025-05-13 17:16

Modified

2025-05-19 14:17

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

References

	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30379	Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	365_apps	-
microsoft	excel	2016
microsoft	office	2019
microsoft	office_long_term_servicing_channel	2021
microsoft	office_long_term_servicing_channel	2021
microsoft	office_long_term_servicing_channel	2024
microsoft	office_long_term_servicing_channel	2024
microsoft	office_online_server	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:*:*",
              "matchCriteriaId": "6C9D7C93-E8CB-4A8A-BA15-093B03ACC62F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*",
              "matchCriteriaId": "BF0E8112-5B6F-4E55-8E40-38ADCF6FC654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:*:*",
              "matchCriteriaId": "BEA7C196-354E-414A-B0B8-821658C8BFB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*",
              "matchCriteriaId": "EF3E56B5-E6A6-4061-9380-D421E52B9199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7C93299-B263-4A2C-B8D7-73E6A50513EE",
              "versionEndExcluding": "16.0.10417.20010",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally."
    },
    {
      "lang": "es",
      "value": "La liberaci\u00f3n de un puntero o referencia no v\u00e1lidos en Microsoft Office Excel permite que un atacante no autorizado ejecute c\u00f3digo localmente."
    }
  ],
  "id": "CVE-2025-30379",
  "lastModified": "2025-05-19T14:17:44.683",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-05-13T17:16:00.490",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30379"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-763"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    }
  ]
}

msrc_cve-2025-30379

Vulnerability from csaf_microsoft

Published

2025-05-13 07:00

Modified

2025-05-14 07:00

Summary

Microsoft Excel Remote Code Execution Vulnerability

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action

Required. The vulnerability documented by this CVE requires customer action to resolve.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "0x140ce"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2025-30379 Microsoft Excel Remote Code Execution Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30379"
      },
      {
        "category": "self",
        "summary": "CVE-2025-30379 Microsoft Excel Remote Code Execution Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-30379.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Microsoft Excel Remote Code Execution Vulnerability",
    "tracking": {
      "current_release_date": "2025-05-14T07:00:00.000Z",
      "generator": {
        "date": "2025-09-10T00:09:05.362Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2025-30379",
      "initial_release_date": "2025-05-13T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-05-13T07:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2025-05-14T07:00:00.000Z",
          "legacy_version": "2",
          "number": "2",
          "summary": "Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.10417.20010",
            "product": {
              "name": "Office Online Server \u003c16.0.10417.20010",
              "product_id": "11"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.10417.20010",
            "product": {
              "name": "Office Online Server 16.0.10417.20010",
              "product_id": "10836"
            }
          }
        ],
        "category": "product_name",
        "name": "Office Online Server"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office 2019 for 32-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "10"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office 2019 for 32-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "11573"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office 2019 for 32-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office 2019 for 64-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "9"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office 2019 for 64-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "11574"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office 2019 for 64-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "8"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems https://aka.ms/OfficeSecurityReleases",
              "product_id": "11762"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "7"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems https://aka.ms/OfficeSecurityReleases",
              "product_id": "11763"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.97.25042725",
            "product": {
              "name": "Microsoft Office LTSC for Mac 2021 \u003c16.97.25042725",
              "product_id": "6"
            }
          },
          {
            "category": "product_version",
            "name": "16.97.25042725",
            "product": {
              "name": "Microsoft Office LTSC for Mac 2021 16.97.25042725",
              "product_id": "11951"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC for Mac 2021"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2021 for 64-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "5"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2021 for 64-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "11952"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC 2021 for 64-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2021 for 32-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "4"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2021 for 32-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "11953"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC 2021 for 32-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2024 for 32-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "3"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2024 for 32-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "12420"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC 2024 for 32-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2024 for 64-bit editions \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "2"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft Office LTSC 2024 for 64-bit editions https://aka.ms/OfficeSecurityReleases",
              "product_id": "12421"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC 2024 for 64-bit editions"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.97.25042725",
            "product": {
              "name": "Microsoft Office LTSC for Mac 2024 \u003c16.97.25042725",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "16.97.25042725",
            "product": {
              "name": "Microsoft Office LTSC for Mac 2024 16.97.25042725",
              "product_id": "12440"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Office LTSC for Mac 2024"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.5500.1000",
            "product": {
              "name": "Microsoft Excel 2016 (32-bit edition) \u003c16.0.5500.1000",
              "product_id": "13"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.5500.1000",
            "product": {
              "name": "Microsoft Excel 2016 (32-bit edition) 16.0.5500.1000",
              "product_id": "10739"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Excel 2016 (32-bit edition)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c16.0.5500.1000",
            "product": {
              "name": "Microsoft Excel 2016 (64-bit edition) \u003c16.0.5500.1000",
              "product_id": "12"
            }
          },
          {
            "category": "product_version",
            "name": "16.0.5500.1000",
            "product": {
              "name": "Microsoft Excel 2016 (64-bit edition) 16.0.5500.1000",
              "product_id": "10740"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Excel 2016 (64-bit edition)"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-30379",
      "cwe": {
        "id": "CWE-763",
        "name": "Release of Invalid Pointer or Reference"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.\nFor example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.",
          "title": "According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?"
        },
        {
          "category": "faq",
          "text": "No, the Preview Pane is not an attack vector.",
          "title": "Is the Preview Pane an attack vector for this vulnerability?"
        },
        {
          "category": "faq",
          "text": "Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.",
          "title": "There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?"
        },
        {
          "category": "faq",
          "text": "Yes. As of May 14, 2025, the security update for Microsoft Office LTSC for Mac 2021 and 2024 are available. Customers running Microsoft Office LTSC for Mac 2021 and 2024 should ensure the update is installed to be protected from this vulnerability.",
          "title": "Are the updates for Microsoft Office LTSC for Mac 2021 and 2024 currently available?"
        }
      ],
      "product_status": {
        "fixed": [
          "10739",
          "10740",
          "10836",
          "11573",
          "11574",
          "11762",
          "11763",
          "11951",
          "11952",
          "11953",
          "12420",
          "12421",
          "12440"
        ],
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-30379 Microsoft Excel Remote Code Execution Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30379"
        },
        {
          "category": "self",
          "summary": "CVE-2025-30379 Microsoft Excel Remote Code Execution Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-30379.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-05-13T07:00:00.000Z",
          "details": "16.0.10417.20010:Security Update:https://support.microsoft.com/help/5002707",
          "product_ids": [
            "11"
          ],
          "url": "https://support.microsoft.com/help/5002707"
        },
        {
          "category": "vendor_fix",
          "date": "2025-05-13T07:00:00.000Z",
          "details": "https://aka.ms/OfficeSecurityReleases:Security Update:https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates",
          "product_ids": [
            "10",
            "9",
            "8",
            "7",
            "5",
            "4",
            "3",
            "2"
          ],
          "url": "https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates"
        },
        {
          "category": "vendor_fix",
          "date": "2025-05-13T07:00:00.000Z",
          "details": "16.97.25042725:Security Update:https://go.microsoft.com/fwlink/p/?linkid=831049",
          "product_ids": [
            "6",
            "1"
          ],
          "url": "https://go.microsoft.com/fwlink/p/?linkid=831049"
        },
        {
          "category": "vendor_fix",
          "date": "2025-05-13T07:00:00.000Z",
          "details": "16.0.5500.1000:Security Update:https://support.microsoft.com/help/5002717",
          "product_ids": [
            "13",
            "12"
          ],
          "url": "https://support.microsoft.com/help/5002717"
        },
        {
          "category": "vendor_fix",
          "date": "2025-05-13T07:00:00.000Z",
          "details": "16.0.5500.1000:Security Update:https://support.microsoft.com/help/5002716",
          "product_ids": [
            "13",
            "12"
          ],
          "url": "https://support.microsoft.com/help/5002716"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Remote Code Execution"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely"
        }
      ],
      "title": "Microsoft Excel Remote Code Execution Vulnerability"
    }
  ]
}

ncsc-2025-0155

Vulnerability from csaf_ncscnl

Published

2025-05-13 18:58

Modified

2025-05-13 18:58

Summary

Kwetsbaarheden verholpen in Microsoft Office

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Microsoft heeft kwetsbaarheden verholpen in diverse Office producten.

Interpretaties

Een kwaadwillende kan de kwetsbaarheden misbruiken om zich verhoogde rechten toe te kennen en willekeurige code uit te voeren met rechten van het slachtoffer. Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide bestand te openen of link te volgen. ``` Microsoft Office PowerPoint: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-29978 | 7.80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Microsoft Office Outlook: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-32705 | 7.80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Microsoft Office: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-30377 | 8.40 | Uitvoeren van willekeurige code | | CVE-2025-30386 | 8.40 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Microsoft Office SharePoint: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-29976 | 7.80 | Verkrijgen van verhoogde rechten | | CVE-2025-30378 | 7.00 | Uitvoeren van willekeurige code | | CVE-2025-30382 | 7.80 | Uitvoeren van willekeurige code | | CVE-2025-30384 | 7.40 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Microsoft Office Excel: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-29977 | 7.80 | Uitvoeren van willekeurige code | | CVE-2025-29979 | 7.80 | Uitvoeren van willekeurige code | | CVE-2025-30375 | 7.80 | Uitvoeren van willekeurige code | | CVE-2025-30376 | 7.80 | Uitvoeren van willekeurige code | | CVE-2025-30379 | 7.80 | Uitvoeren van willekeurige code | | CVE-2025-30381 | 7.80 | Uitvoeren van willekeurige code | | CVE-2025-30383 | 7.80 | Uitvoeren van willekeurige code | | CVE-2025-30393 | 7.80 | Uitvoeren van willekeurige code | | CVE-2025-32704 | 8.40 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| Windows Win32K - GRFX: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact | |----------------|------|-------------------------------------| | CVE-2025-30388 | 7.80 | Uitvoeren van willekeurige code | |----------------|------|-------------------------------------| ```

Oplossingen

Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op: https://portal.msrc.microsoft.com/en-us/security-guidance

Kans

medium

Schade

high

CWE-763

Release of Invalid Pointer or Reference

CWE-822

Untrusted Pointer Dereference

CWE-126

Buffer Over-read

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

CWE-125

Out-of-bounds Read

CWE-416

Use After Free

CWE-502

Deserialization of Untrusted Data

CWE-122

Heap-based Buffer Overflow

CWE-269

Improper Privilege Management

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Microsoft heeft kwetsbaarheden verholpen in diverse Office producten.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om zich verhoogde rechten toe te kennen en willekeurige code uit te voeren met rechten van het slachtoffer.\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide bestand te openen of link te volgen.\n\n```\nMicrosoft Office PowerPoint: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-29978 | 7.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Outlook: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-32705 | 7.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-30377 | 8.40 | Uitvoeren van willekeurige code     | \n| CVE-2025-30386 | 8.40 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office SharePoint: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-29976 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2025-30378 | 7.00 | Uitvoeren van willekeurige code     | \n| CVE-2025-30382 | 7.80 | Uitvoeren van willekeurige code     | \n| CVE-2025-30384 | 7.40 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Excel: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-29977 | 7.80 | Uitvoeren van willekeurige code     | \n| CVE-2025-29979 | 7.80 | Uitvoeren van willekeurige code     | \n| CVE-2025-30375 | 7.80 | Uitvoeren van willekeurige code     | \n| CVE-2025-30376 | 7.80 | Uitvoeren van willekeurige code     | \n| CVE-2025-30379 | 7.80 | Uitvoeren van willekeurige code     | \n| CVE-2025-30381 | 7.80 | Uitvoeren van willekeurige code     | \n| CVE-2025-30383 | 7.80 | Uitvoeren van willekeurige code     | \n| CVE-2025-30393 | 7.80 | Uitvoeren van willekeurige code     | \n| CVE-2025-32704 | 8.40 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Win32K - GRFX: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-30388 | 7.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\n```",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Microsoft heeft updates beschikbaar gesteld waarmee de beschreven kwetsbaarheden worden verholpen. We raden u aan om deze updates te installeren. Meer informatie over de kwetsbaarheden, de installatie van de updates en eventuele work-arounds vindt u op:\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Release of Invalid Pointer or Reference",
        "title": "CWE-763"
      },
      {
        "category": "general",
        "text": "Untrusted Pointer Dereference",
        "title": "CWE-822"
      },
      {
        "category": "general",
        "text": "Buffer Over-read",
        "title": "CWE-126"
      },
      {
        "category": "general",
        "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
        "title": "CWE-843"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Deserialization of Untrusted Data",
        "title": "CWE-502"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Improper Privilege Management",
        "title": "CWE-269"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "title": "Kwetsbaarheden verholpen in Microsoft Office",
    "tracking": {
      "current_release_date": "2025-05-13T18:58:56.989073Z",
      "generator": {
        "date": "2025-02-25T15:15:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.0"
        }
      },
      "id": "NCSC-2025-0155",
      "initial_release_date": "2025-05-13T18:58:56.989073Z",
      "revision_history": [
        {
          "date": "2025-05-13T18:58:56.989073Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/unknown",
                    "product": {
                      "name": "vers:microsoft/unknown",
                      "product_id": "CSAFPID-1770557",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x86:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Microsoft Excel 2016 (32-bit edition)"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/unknown",
                    "product": {
                      "name": "vers:microsoft/unknown",
                      "product_id": "CSAFPID-1770558",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:microsoft:excel_2016:*:*:*:*:*:*:x64:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Microsoft Excel 2016 (64-bit edition)"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/unknown",
                    "product": {
                      "name": "vers:microsoft/unknown",
                      "product_id": "CSAFPID-1770553",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Microsoft Office 2016 (32-bit edition)"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/unknown",
                    "product": {
                      "name": "vers:microsoft/unknown",
                      "product_id": "CSAFPID-1770554",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x64:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Microsoft Office 2016 (64-bit edition)"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/unknown",
                    "product": {
                      "name": "vers:microsoft/unknown",
                      "product_id": "CSAFPID-1770547",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Microsoft Office 2019 for 32-bit editions"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/unknown",
                    "product": {
                      "name": "vers:microsoft/unknown",
                      "product_id": "CSAFPID-1770548",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Microsoft Office 2019 for 64-bit editions"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/unknown",
                    "product": {
                      "name": "vers:microsoft/unknown",
                      "product_id": "CSAFPID-1770555",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Microsoft Office LTSC for Mac 2021"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/unknown",
                    "product": {
                      "name": "vers:microsoft/unknown",
                      "product_id": "CSAFPID-1770556",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Microsoft Office LTSC for Mac 2024"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/unknown",
                    "product": {
                      "name": "vers:microsoft/unknown",
                      "product_id": "CSAFPID-1770550",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Microsoft Office LTSC 2021 for 32-bit editions"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/unknown",
                    "product": {
                      "name": "vers:microsoft/unknown",
                      "product_id": "CSAFPID-1770551",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Microsoft Office LTSC 2024 for 32-bit editions"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/unknown",
                    "product": {
                      "name": "vers:microsoft/unknown",
                      "product_id": "CSAFPID-1770552",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Microsoft Office LTSC 2024 for 64-bit editions"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/unknown",
                    "product": {
                      "name": "vers:microsoft/unknown",
                      "product_id": "CSAFPID-1429583",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Microsoft SharePoint Server Subscription Edition"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/unknown",
                    "product": {
                      "name": "vers:microsoft/unknown",
                      "product_id": "CSAFPID-1770546",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Microsoft SharePoint Server 2019"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/unknown",
                    "product": {
                      "name": "vers:microsoft/unknown",
                      "product_id": "CSAFPID-1770545",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Microsoft SharePoint Enterprise Server 2016"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/unknown",
                    "product": {
                      "name": "vers:microsoft/unknown",
                      "product_id": "CSAFPID-1429573",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:microsoft/unknown",
                    "product": {
                      "name": "vers:microsoft/unknown",
                      "product_id": "CSAFPID-1429574",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems"
              }
            ],
            "category": "product_family",
            "name": "Microsoft Office"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:unknown/2019",
                    "product": {
                      "name": "vers:unknown/2019",
                      "product_id": "CSAFPID-1247900"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:unknown/2021 ltsc",
                    "product": {
                      "name": "vers:unknown/2021 ltsc",
                      "product_id": "CSAFPID-1300946"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Office"
              }
            ],
            "category": "product_family",
            "name": "Microsoft"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/unknown",
                "product": {
                  "name": "vers:unknown/unknown",
                  "product_id": "CSAFPID-2566619",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:microsoft:powerpoint:*:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "powerpoint"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/unknown",
                "product": {
                  "name": "vers:unknown/unknown",
                  "product_id": "CSAFPID-1332181",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "sharepoint_server"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-29976",
      "cwe": {
        "id": "CWE-269",
        "name": "Improper Privilege Management"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Privilege Management",
          "title": "CWE-269"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1770557",
          "CSAFPID-1770558",
          "CSAFPID-1770553",
          "CSAFPID-1770554",
          "CSAFPID-1770547",
          "CSAFPID-1770548",
          "CSAFPID-1770555",
          "CSAFPID-1770556",
          "CSAFPID-1770550",
          "CSAFPID-1770551",
          "CSAFPID-1770552",
          "CSAFPID-1247900",
          "CSAFPID-1300946",
          "CSAFPID-2566619",
          "CSAFPID-1429583",
          "CSAFPID-1770546",
          "CSAFPID-1770545",
          "CSAFPID-1429573",
          "CSAFPID-1429574",
          "CSAFPID-1332181"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-29976",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-29976.json"
        }
      ],
      "title": "CVE-2025-29976"
    },
    {
      "cve": "CVE-2025-30378",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1770557",
          "CSAFPID-1770558",
          "CSAFPID-1770553",
          "CSAFPID-1770554",
          "CSAFPID-1770547",
          "CSAFPID-1770548",
          "CSAFPID-1770555",
          "CSAFPID-1770556",
          "CSAFPID-1770550",
          "CSAFPID-1770551",
          "CSAFPID-1770552",
          "CSAFPID-1247900",
          "CSAFPID-1300946",
          "CSAFPID-2566619",
          "CSAFPID-1429583",
          "CSAFPID-1770546",
          "CSAFPID-1770545",
          "CSAFPID-1429573",
          "CSAFPID-1429574",
          "CSAFPID-1332181"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-30378",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30378.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1770557",
            "CSAFPID-1770558",
            "CSAFPID-1770553",
            "CSAFPID-1770554",
            "CSAFPID-1770547",
            "CSAFPID-1770548",
            "CSAFPID-1770555",
            "CSAFPID-1770556",
            "CSAFPID-1770550",
            "CSAFPID-1770551",
            "CSAFPID-1770552",
            "CSAFPID-1247900",
            "CSAFPID-1300946",
            "CSAFPID-2566619",
            "CSAFPID-1429583",
            "CSAFPID-1770546",
            "CSAFPID-1770545",
            "CSAFPID-1429573",
            "CSAFPID-1429574",
            "CSAFPID-1332181"
          ]
        }
      ],
      "title": "CVE-2025-30378"
    },
    {
      "cve": "CVE-2025-30382",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1770557",
          "CSAFPID-1770558",
          "CSAFPID-1770553",
          "CSAFPID-1770554",
          "CSAFPID-1770547",
          "CSAFPID-1770548",
          "CSAFPID-1770555",
          "CSAFPID-1770556",
          "CSAFPID-1770550",
          "CSAFPID-1770551",
          "CSAFPID-1770552",
          "CSAFPID-1247900",
          "CSAFPID-1300946",
          "CSAFPID-2566619",
          "CSAFPID-1429583",
          "CSAFPID-1770546",
          "CSAFPID-1770545",
          "CSAFPID-1429573",
          "CSAFPID-1429574",
          "CSAFPID-1332181"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-30382",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30382.json"
        }
      ],
      "title": "CVE-2025-30382"
    },
    {
      "cve": "CVE-2025-30384",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1770557",
          "CSAFPID-1770558",
          "CSAFPID-1770553",
          "CSAFPID-1770554",
          "CSAFPID-1770547",
          "CSAFPID-1770548",
          "CSAFPID-1770555",
          "CSAFPID-1770556",
          "CSAFPID-1770550",
          "CSAFPID-1770551",
          "CSAFPID-1770552",
          "CSAFPID-1247900",
          "CSAFPID-1300946",
          "CSAFPID-2566619",
          "CSAFPID-1429583",
          "CSAFPID-1770546",
          "CSAFPID-1770545",
          "CSAFPID-1429573",
          "CSAFPID-1429574",
          "CSAFPID-1332181"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-30384",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30384.json"
        }
      ],
      "title": "CVE-2025-30384"
    },
    {
      "cve": "CVE-2025-29977",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1770557",
          "CSAFPID-1770558",
          "CSAFPID-1770553",
          "CSAFPID-1770554",
          "CSAFPID-1770547",
          "CSAFPID-1770548",
          "CSAFPID-1770555",
          "CSAFPID-1770556",
          "CSAFPID-1770550",
          "CSAFPID-1770551",
          "CSAFPID-1770552",
          "CSAFPID-1247900",
          "CSAFPID-1300946",
          "CSAFPID-2566619",
          "CSAFPID-1429583",
          "CSAFPID-1770546",
          "CSAFPID-1770545",
          "CSAFPID-1429573",
          "CSAFPID-1429574",
          "CSAFPID-1332181"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-29977",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-29977.json"
        }
      ],
      "title": "CVE-2025-29977"
    },
    {
      "cve": "CVE-2025-29979",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1770557",
          "CSAFPID-1770558",
          "CSAFPID-1770553",
          "CSAFPID-1770554",
          "CSAFPID-1770547",
          "CSAFPID-1770548",
          "CSAFPID-1770555",
          "CSAFPID-1770556",
          "CSAFPID-1770550",
          "CSAFPID-1770551",
          "CSAFPID-1770552",
          "CSAFPID-1247900",
          "CSAFPID-1300946",
          "CSAFPID-2566619",
          "CSAFPID-1429583",
          "CSAFPID-1770546",
          "CSAFPID-1770545",
          "CSAFPID-1429573",
          "CSAFPID-1429574",
          "CSAFPID-1332181"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-29979",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-29979.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1770557",
            "CSAFPID-1770558",
            "CSAFPID-1770553",
            "CSAFPID-1770554",
            "CSAFPID-1770547",
            "CSAFPID-1770548",
            "CSAFPID-1770555",
            "CSAFPID-1770556",
            "CSAFPID-1770550",
            "CSAFPID-1770551",
            "CSAFPID-1770552",
            "CSAFPID-1247900",
            "CSAFPID-1300946",
            "CSAFPID-2566619",
            "CSAFPID-1429583",
            "CSAFPID-1770546",
            "CSAFPID-1770545",
            "CSAFPID-1429573",
            "CSAFPID-1429574",
            "CSAFPID-1332181"
          ]
        }
      ],
      "title": "CVE-2025-29979"
    },
    {
      "cve": "CVE-2025-30375",
      "cwe": {
        "id": "CWE-843",
        "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
          "title": "CWE-843"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1770557",
          "CSAFPID-1770558",
          "CSAFPID-1770553",
          "CSAFPID-1770554",
          "CSAFPID-1770547",
          "CSAFPID-1770548",
          "CSAFPID-1770555",
          "CSAFPID-1770556",
          "CSAFPID-1770550",
          "CSAFPID-1770551",
          "CSAFPID-1770552",
          "CSAFPID-1247900",
          "CSAFPID-1300946",
          "CSAFPID-2566619",
          "CSAFPID-1429583",
          "CSAFPID-1770546",
          "CSAFPID-1770545",
          "CSAFPID-1429573",
          "CSAFPID-1429574",
          "CSAFPID-1332181"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-30375",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30375.json"
        }
      ],
      "title": "CVE-2025-30375"
    },
    {
      "cve": "CVE-2025-30376",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1770557",
          "CSAFPID-1770558",
          "CSAFPID-1770553",
          "CSAFPID-1770554",
          "CSAFPID-1770547",
          "CSAFPID-1770548",
          "CSAFPID-1770555",
          "CSAFPID-1770556",
          "CSAFPID-1770550",
          "CSAFPID-1770551",
          "CSAFPID-1770552",
          "CSAFPID-1247900",
          "CSAFPID-1300946",
          "CSAFPID-2566619",
          "CSAFPID-1429583",
          "CSAFPID-1770546",
          "CSAFPID-1770545",
          "CSAFPID-1429573",
          "CSAFPID-1429574",
          "CSAFPID-1332181"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-30376",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30376.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1770557",
            "CSAFPID-1770558",
            "CSAFPID-1770553",
            "CSAFPID-1770554",
            "CSAFPID-1770547",
            "CSAFPID-1770548",
            "CSAFPID-1770555",
            "CSAFPID-1770556",
            "CSAFPID-1770550",
            "CSAFPID-1770551",
            "CSAFPID-1770552",
            "CSAFPID-1247900",
            "CSAFPID-1300946",
            "CSAFPID-2566619",
            "CSAFPID-1429583",
            "CSAFPID-1770546",
            "CSAFPID-1770545",
            "CSAFPID-1429573",
            "CSAFPID-1429574",
            "CSAFPID-1332181"
          ]
        }
      ],
      "title": "CVE-2025-30376"
    },
    {
      "cve": "CVE-2025-30379",
      "cwe": {
        "id": "CWE-763",
        "name": "Release of Invalid Pointer or Reference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Release of Invalid Pointer or Reference",
          "title": "CWE-763"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1770557",
          "CSAFPID-1770558",
          "CSAFPID-1770553",
          "CSAFPID-1770554",
          "CSAFPID-1770547",
          "CSAFPID-1770548",
          "CSAFPID-1770555",
          "CSAFPID-1770556",
          "CSAFPID-1770550",
          "CSAFPID-1770551",
          "CSAFPID-1770552",
          "CSAFPID-1247900",
          "CSAFPID-1300946",
          "CSAFPID-2566619",
          "CSAFPID-1429583",
          "CSAFPID-1770546",
          "CSAFPID-1770545",
          "CSAFPID-1429573",
          "CSAFPID-1429574",
          "CSAFPID-1332181"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-30379",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30379.json"
        }
      ],
      "title": "CVE-2025-30379"
    },
    {
      "cve": "CVE-2025-30381",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "other",
          "text": "Untrusted Pointer Dereference",
          "title": "CWE-822"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1770557",
          "CSAFPID-1770558",
          "CSAFPID-1770553",
          "CSAFPID-1770554",
          "CSAFPID-1770547",
          "CSAFPID-1770548",
          "CSAFPID-1770555",
          "CSAFPID-1770556",
          "CSAFPID-1770550",
          "CSAFPID-1770551",
          "CSAFPID-1770552",
          "CSAFPID-1247900",
          "CSAFPID-1300946",
          "CSAFPID-2566619",
          "CSAFPID-1429583",
          "CSAFPID-1770546",
          "CSAFPID-1770545",
          "CSAFPID-1429573",
          "CSAFPID-1429574",
          "CSAFPID-1332181"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-30381",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30381.json"
        }
      ],
      "title": "CVE-2025-30381"
    },
    {
      "cve": "CVE-2025-30383",
      "cwe": {
        "id": "CWE-843",
        "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
          "title": "CWE-843"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1770557",
          "CSAFPID-1770558",
          "CSAFPID-1770553",
          "CSAFPID-1770554",
          "CSAFPID-1770547",
          "CSAFPID-1770548",
          "CSAFPID-1770555",
          "CSAFPID-1770556",
          "CSAFPID-1770550",
          "CSAFPID-1770551",
          "CSAFPID-1770552",
          "CSAFPID-1247900",
          "CSAFPID-1300946",
          "CSAFPID-2566619",
          "CSAFPID-1429583",
          "CSAFPID-1770546",
          "CSAFPID-1770545",
          "CSAFPID-1429573",
          "CSAFPID-1429574",
          "CSAFPID-1332181"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-30383",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30383.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1770557",
            "CSAFPID-1770558",
            "CSAFPID-1770553",
            "CSAFPID-1770554",
            "CSAFPID-1770547",
            "CSAFPID-1770548",
            "CSAFPID-1770555",
            "CSAFPID-1770556",
            "CSAFPID-1770550",
            "CSAFPID-1770551",
            "CSAFPID-1770552",
            "CSAFPID-1247900",
            "CSAFPID-1300946",
            "CSAFPID-2566619",
            "CSAFPID-1429583",
            "CSAFPID-1770546",
            "CSAFPID-1770545",
            "CSAFPID-1429573",
            "CSAFPID-1429574",
            "CSAFPID-1332181"
          ]
        }
      ],
      "title": "CVE-2025-30383"
    },
    {
      "cve": "CVE-2025-30377",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1770557",
          "CSAFPID-1770558",
          "CSAFPID-1770553",
          "CSAFPID-1770554",
          "CSAFPID-1770547",
          "CSAFPID-1770548",
          "CSAFPID-1770555",
          "CSAFPID-1770556",
          "CSAFPID-1770550",
          "CSAFPID-1770551",
          "CSAFPID-1770552",
          "CSAFPID-1247900",
          "CSAFPID-1300946",
          "CSAFPID-2566619",
          "CSAFPID-1429583",
          "CSAFPID-1770546",
          "CSAFPID-1770545",
          "CSAFPID-1429573",
          "CSAFPID-1429574",
          "CSAFPID-1332181"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-30377",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30377.json"
        }
      ],
      "title": "CVE-2025-30377"
    },
    {
      "cve": "CVE-2025-30386",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1770557",
          "CSAFPID-1770558",
          "CSAFPID-1770553",
          "CSAFPID-1770554",
          "CSAFPID-1770547",
          "CSAFPID-1770548",
          "CSAFPID-1770555",
          "CSAFPID-1770556",
          "CSAFPID-1770550",
          "CSAFPID-1770551",
          "CSAFPID-1770552",
          "CSAFPID-1247900",
          "CSAFPID-1300946",
          "CSAFPID-2566619",
          "CSAFPID-1429583",
          "CSAFPID-1770546",
          "CSAFPID-1770545",
          "CSAFPID-1429573",
          "CSAFPID-1429574",
          "CSAFPID-1332181"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-30386",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30386.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1770557",
            "CSAFPID-1770558",
            "CSAFPID-1770553",
            "CSAFPID-1770554",
            "CSAFPID-1770547",
            "CSAFPID-1770548",
            "CSAFPID-1770555",
            "CSAFPID-1770556",
            "CSAFPID-1770550",
            "CSAFPID-1770551",
            "CSAFPID-1770552",
            "CSAFPID-1247900",
            "CSAFPID-1300946",
            "CSAFPID-2566619",
            "CSAFPID-1429583",
            "CSAFPID-1770546",
            "CSAFPID-1770545",
            "CSAFPID-1429573",
            "CSAFPID-1429574",
            "CSAFPID-1332181"
          ]
        }
      ],
      "title": "CVE-2025-30386"
    },
    {
      "cve": "CVE-2025-32704",
      "cwe": {
        "id": "CWE-126",
        "name": "Buffer Over-read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Buffer Over-read",
          "title": "CWE-126"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1770557",
          "CSAFPID-1770558",
          "CSAFPID-1770553",
          "CSAFPID-1770554",
          "CSAFPID-1770547",
          "CSAFPID-1770548",
          "CSAFPID-1770555",
          "CSAFPID-1770556",
          "CSAFPID-1770550",
          "CSAFPID-1770551",
          "CSAFPID-1770552",
          "CSAFPID-1247900",
          "CSAFPID-1300946",
          "CSAFPID-2566619",
          "CSAFPID-1429583",
          "CSAFPID-1770546",
          "CSAFPID-1770545",
          "CSAFPID-1429573",
          "CSAFPID-1429574",
          "CSAFPID-1332181"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-32704",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-32704.json"
        }
      ],
      "title": "CVE-2025-32704"
    },
    {
      "cve": "CVE-2025-29978",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1770557",
          "CSAFPID-1770558",
          "CSAFPID-1770553",
          "CSAFPID-1770554",
          "CSAFPID-1770547",
          "CSAFPID-1770548",
          "CSAFPID-1770555",
          "CSAFPID-1770556",
          "CSAFPID-1770550",
          "CSAFPID-1770551",
          "CSAFPID-1770552",
          "CSAFPID-1247900",
          "CSAFPID-1300946",
          "CSAFPID-2566619",
          "CSAFPID-1429583",
          "CSAFPID-1770546",
          "CSAFPID-1770545",
          "CSAFPID-1429573",
          "CSAFPID-1429574",
          "CSAFPID-1332181"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-29978",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-29978.json"
        }
      ],
      "title": "CVE-2025-29978"
    },
    {
      "cve": "CVE-2025-30393",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1770557",
          "CSAFPID-1770558",
          "CSAFPID-1770553",
          "CSAFPID-1770554",
          "CSAFPID-1770547",
          "CSAFPID-1770548",
          "CSAFPID-1770555",
          "CSAFPID-1770556",
          "CSAFPID-1770550",
          "CSAFPID-1770551",
          "CSAFPID-1770552",
          "CSAFPID-1247900",
          "CSAFPID-1300946",
          "CSAFPID-2566619",
          "CSAFPID-1429583",
          "CSAFPID-1770546",
          "CSAFPID-1770545",
          "CSAFPID-1429573",
          "CSAFPID-1429574",
          "CSAFPID-1332181"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-30393",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30393.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1770557",
            "CSAFPID-1770558",
            "CSAFPID-1770553",
            "CSAFPID-1770554",
            "CSAFPID-1770547",
            "CSAFPID-1770548",
            "CSAFPID-1770555",
            "CSAFPID-1770556",
            "CSAFPID-1770550",
            "CSAFPID-1770551",
            "CSAFPID-1770552",
            "CSAFPID-1247900",
            "CSAFPID-1300946",
            "CSAFPID-2566619",
            "CSAFPID-1429583",
            "CSAFPID-1770546",
            "CSAFPID-1770545",
            "CSAFPID-1429573",
            "CSAFPID-1429574",
            "CSAFPID-1332181"
          ]
        }
      ],
      "title": "CVE-2025-30393"
    },
    {
      "cve": "CVE-2025-32705",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1770557",
          "CSAFPID-1770558",
          "CSAFPID-1770553",
          "CSAFPID-1770554",
          "CSAFPID-1770547",
          "CSAFPID-1770548",
          "CSAFPID-1770555",
          "CSAFPID-1770556",
          "CSAFPID-1770550",
          "CSAFPID-1770551",
          "CSAFPID-1770552",
          "CSAFPID-1247900",
          "CSAFPID-1300946",
          "CSAFPID-2566619",
          "CSAFPID-1429583",
          "CSAFPID-1770546",
          "CSAFPID-1770545",
          "CSAFPID-1429573",
          "CSAFPID-1429574",
          "CSAFPID-1332181"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-32705",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-32705.json"
        }
      ],
      "title": "CVE-2025-32705"
    },
    {
      "cve": "CVE-2025-30388",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1770557",
          "CSAFPID-1770558",
          "CSAFPID-1770553",
          "CSAFPID-1770554",
          "CSAFPID-1770547",
          "CSAFPID-1770548",
          "CSAFPID-1770555",
          "CSAFPID-1770556",
          "CSAFPID-1770550",
          "CSAFPID-1770551",
          "CSAFPID-1770552",
          "CSAFPID-1247900",
          "CSAFPID-1300946",
          "CSAFPID-2566619",
          "CSAFPID-1429583",
          "CSAFPID-1770546",
          "CSAFPID-1770545",
          "CSAFPID-1429573",
          "CSAFPID-1429574",
          "CSAFPID-1332181"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-30388",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30388.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1770557",
            "CSAFPID-1770558",
            "CSAFPID-1770553",
            "CSAFPID-1770554",
            "CSAFPID-1770547",
            "CSAFPID-1770548",
            "CSAFPID-1770555",
            "CSAFPID-1770556",
            "CSAFPID-1770550",
            "CSAFPID-1770551",
            "CSAFPID-1770552",
            "CSAFPID-1247900",
            "CSAFPID-1300946",
            "CSAFPID-2566619",
            "CSAFPID-1429583",
            "CSAFPID-1770546",
            "CSAFPID-1770545",
            "CSAFPID-1429573",
            "CSAFPID-1429574",
            "CSAFPID-1332181"
          ]
        }
      ],
      "title": "CVE-2025-30388"
    }
  ]
}

ghsa-qm3x-73px-64cm

Vulnerability from github

Published

2025-05-13 18:30

Modified

2025-05-13 18:30

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-30379"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-763"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-13T17:16:00Z",
    "severity": "HIGH"
  },
  "details": "Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.",
  "id": "GHSA-qm3x-73px-64cm",
  "modified": "2025-05-13T18:30:56Z",
  "published": "2025-05-13T18:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30379"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30379"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2025-AVI-0404

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office LTSC 2021 pour éditions 64 bits
Microsoft	Office	Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5500.1000
Microsoft	Office	Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5500.1000
Microsoft	Office	Microsoft Office LTSC 2021 pour éditions 32 bits
Microsoft	Office	Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5500.1001
Microsoft	Office	Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5500.1000
Microsoft	Office	Microsoft Office LTSC pour Mac 2024 versions antérieures à 16.97.25042725
Microsoft	Office	Microsoft Office LTSC pour Mac 2021 versions antérieures à 16.97.25042725
Microsoft	Office	Microsoft Office 2019 pour éditions 32 bits
Microsoft	Office	Microsoft 365 Apps pour Enterprise pour systèmes 64 bits
Microsoft	Office	Microsoft Office 2019 pour éditions 64 bits
Microsoft	Office	Microsoft Office LTSC 2024 pour éditions 64 bits
Microsoft	Office	Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5500.1000
Microsoft	Office	Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5500.1001
Microsoft	Office	Microsoft Office pour Universal versions antérieures à 16.0.14326.22502
Microsoft	Office	Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5500.1002
Microsoft	Office	Office Online Server versions antérieures à 16.0.10417.20010
Microsoft	Office	Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5500.1002
Microsoft	Office	Microsoft Office pour Android versions antérieures à 16.0.18827.20000
Microsoft	Office	Microsoft Office LTSC 2024 pour éditions 32 bits
Microsoft	Office	Microsoft 365 Apps pour Enterprise pour systèmes 32 bits

References

Title

Publication Time

cnvd-2025-10450

Vulnerability from cnvd

Title

Microsoft Excel代码执行漏洞（CNVD-2025-10450）

Description

Microsoft Excel是美国微软（Microsoft）公司的一款Office套件中的电子表格处理软件。 Microsoft Excel存在代码执行漏洞，攻击者可利用该漏洞在系统上执行任意代码。

Severity

高

Patch Name

Microsoft Excel代码执行漏洞（CNVD-2025-10450）的补丁

Patch Description

Microsoft Excel是美国微软（Microsoft）公司的一款Office套件中的电子表格处理软件。 Microsoft Excel存在代码执行漏洞，攻击者可利用该漏洞在系统上执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-30379

Reference

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30379

Impacted products

Name
['Microsoft Excel 2016', 'Microsoft Office Online Server', 'Microsoft Office 2019', 'Microsoft 365 Apps for Enterprise', 'Microsoft Office LTSC 2021', 'Microsoft Office LTSC for Mac 2021', 'Microsoft Microsoft Office LTSC 2024', 'Microsoft Office LTSC for Mac 2024']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-30379",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-30379"
    }
  },
  "description": "Microsoft Excel\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3eOffice\u5957\u4ef6\u4e2d\u7684\u7535\u5b50\u8868\u683c\u5904\u7406\u8f6f\u4ef6\u3002\n\nMicrosoft Excel\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-30379",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-10450",
  "openTime": "2025-05-22",
  "patchDescription": "Microsoft Excel\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3eOffice\u5957\u4ef6\u4e2d\u7684\u7535\u5b50\u8868\u683c\u5904\u7406\u8f6f\u4ef6\u3002\r\n\r\nMicrosoft Excel\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Excel\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2025-10450\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Excel 2016",
      "Microsoft Office Online Server",
      "Microsoft Office 2019",
      "Microsoft 365 Apps for Enterprise",
      "Microsoft Office LTSC 2021",
      "Microsoft Office LTSC for Mac 2021",
      "Microsoft Microsoft Office LTSC 2024",
      "Microsoft Office LTSC for Mac 2024"
    ]
  },
  "referenceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30379",
  "serverity": "\u9ad8",
  "submitTime": "2025-05-21",
  "title": "Microsoft Excel\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2025-10450\uff09"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-30379 (GCVE-0-2025-30379)

Vulnerability from cvelistv5

fkie_cve-2025-30379

Vulnerability from fkie_nvd

msrc_cve-2025-30379

Vulnerability from csaf_microsoft

ncsc-2025-0155

Vulnerability from csaf_ncscnl

ghsa-qm3x-73px-64cm

Vulnerability from github

CERTFR-2025-AVI-0404

Vulnerability from certfr_avis

Solutions

cnvd-2025-10450

Vulnerability from cnvd

Tags

Sightings

Nomenclature