cvelistv5 - cve-2025-32717

CVE-2025-32717 (GCVE-0-2025-32717)

Vulnerability from cvelistv5

Published

2025-06-10 23:15

Modified

2025-07-11 16:36

Severity ?

8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-122 - Heap-based Buffer Overflow

Summary

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

References

URL

	Vendor	Product	Version
	Microsoft	Microsoft 365 Apps for Enterprise	Version: 16.0.1 < https://aka.ms/OfficeSecurityReleases

cnvd-2025-17472

Vulnerability from cnvd

Title

Microsoft Word代码执行漏洞（CNVD-2025-17472）

Description

Microsoft Word是美国微软（Microsoft）公司的一套Office套件中的文字处理软件。 Microsoft Word存在代码执行漏洞，该漏洞是由于边界检查不当造成的。攻击者可利用该漏洞在系统上执行任意代码。

Severity

高

Patch Name

Microsoft Word代码执行漏洞（CNVD-2025-17472）的补丁

Patch Description

Microsoft Word是美国微软（Microsoft）公司的一套Office套件中的文字处理软件。 Microsoft Word存在代码执行漏洞，该漏洞是由于边界检查不当造成的。攻击者可利用该漏洞在系统上执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32717

Reference

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32717

Impacted products

Name
Microsoft 365 Apps for Enterprise

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-32717",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-32717"
    }
  },
  "description": "Microsoft Word\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957Office\u5957\u4ef6\u4e2d\u7684\u6587\u5b57\u5904\u7406\u8f6f\u4ef6\u3002\n\nMicrosoft Word\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u8fb9\u754c\u68c0\u67e5\u4e0d\u5f53\u9020\u6210\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32717",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-17472",
  "openTime": "2025-08-04",
  "patchDescription": "Microsoft Word\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957Office\u5957\u4ef6\u4e2d\u7684\u6587\u5b57\u5904\u7406\u8f6f\u4ef6\u3002\r\n\r\nMicrosoft Word\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u8fb9\u754c\u68c0\u67e5\u4e0d\u5f53\u9020\u6210\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Word\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2025-17472\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Microsoft 365 Apps for Enterprise"
  },
  "referenceLink": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32717",
  "serverity": "\u9ad8",
  "submitTime": "2025-06-17",
  "title": "Microsoft Word\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2025-17472\uff09"
}

ghsa-x3rj-56mr-h4q9

Vulnerability from github

Published

2025-06-11 00:30

Modified

2025-06-11 00:30

Severity ?

8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-32717"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-11T00:15:25Z",
    "severity": "HIGH"
  },
  "details": "Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.",
  "id": "GHSA-x3rj-56mr-h4q9",
  "modified": "2025-06-11T00:30:48Z",
  "published": "2025-06-11T00:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32717"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32717"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

msrc_cve-2025-32717

Vulnerability from csaf_microsoft

Published

2025-06-10 07:00

Modified

2025-06-10 07:00

Summary

Microsoft Word Remote Code Execution Vulnerability

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action

Required. The vulnerability documented by this CVE requires customer action to resolve.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Haifei Li with \u003ca href=\"https://pub.expmon.com/\"\u003eEXPMON\u003c/a\u003e"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2025-32717 Microsoft Word Remote Code Execution Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32717"
      },
      {
        "category": "self",
        "summary": "CVE-2025-32717 Microsoft Word Remote Code Execution Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-32717.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Microsoft Word Remote Code Execution Vulnerability",
    "tracking": {
      "current_release_date": "2025-06-10T07:00:00.000Z",
      "generator": {
        "date": "2025-07-15T16:52:18.365Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2025-32717",
      "initial_release_date": "2025-06-10T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-06-10T07:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2025-06-10T07:00:00.000Z",
          "legacy_version": "2",
          "number": "2",
          "summary": "Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the [Release Notes](https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates) for more information."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "2"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems https://aka.ms/OfficeSecurityReleases",
              "product_id": "11762"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft 365 Apps for Enterprise for 32-bit Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003chttps://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems \u003chttps://aka.ms/OfficeSecurityReleases",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "https://aka.ms/OfficeSecurityReleases",
            "product": {
              "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems https://aka.ms/OfficeSecurityReleases",
              "product_id": "11763"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft 365 Apps for Enterprise for 64-bit Systems"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-32717",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "An unauthenticated attacker could exploit this vulnerability by crafting a malicious RTF file. If a user opens the file or it is rendered in the preview pane, the attacker could execute arbitrary code in the user\u0027s context.",
          "title": "How could an attacker exploit this vulnerability?"
        },
        {
          "category": "faq",
          "text": "The security update for Microsoft 365 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.",
          "title": "Are the updates for the Microsoft 365 for Office currently available?"
        },
        {
          "category": "faq",
          "text": "The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.",
          "title": "According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?"
        },
        {
          "category": "faq",
          "text": "Yes, the Preview Pane is an attack vector.",
          "title": "Is the Preview Pane an attack vector for this vulnerability?"
        }
      ],
      "product_status": {
        "fixed": [
          "11762",
          "11763"
        ],
        "known_affected": [
          "1",
          "2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-32717 Microsoft Word Remote Code Execution Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32717"
        },
        {
          "category": "self",
          "summary": "CVE-2025-32717 Microsoft Word Remote Code Execution Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-32717.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-10T07:00:00.000Z",
          "details": "https://aka.ms/OfficeSecurityReleases:Security Update:https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates",
          "product_ids": [
            "2",
            "1"
          ],
          "url": "https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.3,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Remote Code Execution"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely"
        }
      ],
      "title": "Microsoft Word Remote Code Execution Vulnerability"
    }
  ]
}

fkie_cve-2025-32717

Vulnerability from fkie_nvd

Published

2025-06-11 00:15

Modified

2025-07-09 13:52

Severity ?

8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

References

	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32717	Vendor Advisory

Impacted products

	Vendor	Product	Version
	microsoft	365_apps	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally."
    },
    {
      "lang": "es",
      "value": "El desbordamiento del b\u00fafer basado en mont\u00f3n en Microsoft Office Word permite que un atacante no autorizado ejecute c\u00f3digo localmente."
    }
  ],
  "id": "CVE-2025-32717",
  "lastModified": "2025-07-09T13:52:32.990",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-06-11T00:15:25.317",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32717"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Primary"
    }
  ]
}

CERTFR-2025-AVI-0498

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office LTSC pour Mac 2021 versions antérieures à 16.98.25060824
Microsoft	Office	Microsoft Office LTSC 2021 pour éditions 64 bits
Microsoft	Office	Microsoft PowerPoint 2016 (édition 64 bits) versions antérieures à 16.0.5504.1000
Microsoft	Office	Microsoft Office LTSC 2021 pour éditions 32 bits
Microsoft	Office	Microsoft Outlook 2016 (édition 64 bits) versions antérieures à 16.0.5504.1000
Microsoft	Office	Microsoft Office 2019 pour éditions 32 bits
Microsoft	Office	Microsoft 365 Apps pour Enterprise pour systèmes 64 bits
Microsoft	Office	Microsoft PowerPoint 2016 (édition 32 bits) versions antérieures à 16.0.5504.1000
Microsoft	Office	Microsoft Office pour Android versions antérieures à 16.0.18925.20000
Microsoft	Office	Microsoft Office 2019 pour éditions 64 bits
Microsoft	Office	Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5504.1000
Microsoft	Office	Microsoft Word 2016 (édition 32 bits) versions antérieures à 16.0.5504.1000
Microsoft	Office	Microsoft Outlook 2016 (édition 32 bits) versions antérieures à 16.0.5504.1000
Microsoft	Office	Microsoft Office LTSC 2024 pour éditions 64 bits
Microsoft	Office	Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5504.1000
Microsoft	Office	Microsoft Word 2016 (édition 64 bits) versions antérieures à 16.0.5504.1000
Microsoft	Office	Microsoft Office LTSC pour Mac 2024 versions antérieures à 16.98.25060824
Microsoft	Office	Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5504.1000
Microsoft	Office	Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5504.1000
Microsoft	Office	Office Online Server versions antérieures à 16.0.10417.20018
Microsoft	Office	Microsoft Office LTSC 2024 pour éditions 32 bits
Microsoft	Office	Microsoft 365 Apps pour Enterprise pour systèmes 32 bits

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft Office CVE-2025-47167	2025-06-10	vendor-advisory
Bulletin de sécurité Microsoft Office CVE-2025-47162	2025-06-10	vendor-advisory
Bulletin de sécurité Microsoft Office CVE-2025-47168	2025-06-10	vendor-advisory
Bulletin de sécurité Microsoft Office CVE-2025-47170	2025-06-10	vendor-advisory
Bulletin de sécurité Microsoft Office CVE-2025-47957	2025-06-10	vendor-advisory
Bulletin de sécurité Microsoft Office CVE-2025-47174	2025-06-10	vendor-advisory
Bulletin de sécurité Microsoft Office CVE-2025-47165	2025-06-10	vendor-advisory
Bulletin de sécurité Microsoft Office CVE-2025-47953	2025-06-10	vendor-advisory
Bulletin de sécurité Microsoft Office CVE-2025-47173	2025-06-10	vendor-advisory
Bulletin de sécurité Microsoft Office CVE-2025-47175	2025-06-10	vendor-advisory
Bulletin de sécurité Microsoft Office CVE-2025-32717	2025-06-10	vendor-advisory
Bulletin de sécurité Microsoft Office CVE-2025-47169	2025-06-10	vendor-advisory
Bulletin de sécurité Microsoft Office CVE-2025-47176	2025-06-10	vendor-advisory
Bulletin de sécurité Microsoft Office CVE-2025-47171	2025-06-10	vendor-advisory
Bulletin de sécurité Microsoft Office CVE-2025-47164	2025-06-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office LTSC pour Mac 2021 versions ant\u00e9rieures \u00e0 16.98.25060824",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft PowerPoint 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5504.1000",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5504.1000",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft PowerPoint 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5504.1000",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office pour Android versions ant\u00e9rieures \u00e0 16.0.18925.20000",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5504.1000",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5504.1000",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5504.1000",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office LTSC 2024 pour \u00e9ditions 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5504.1000",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5504.1000",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office LTSC pour Mac 2024 versions ant\u00e9rieures \u00e0 16.98.25060824",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5504.1000",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5504.1000",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office Online Server versions ant\u00e9rieures \u00e0 16.0.10417.20018",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office LTSC 2024 pour \u00e9ditions 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-32717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32717"
    },
    {
      "name": "CVE-2025-47169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47169"
    },
    {
      "name": "CVE-2025-47162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47162"
    },
    {
      "name": "CVE-2025-47175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47175"
    },
    {
      "name": "CVE-2025-47171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47171"
    },
    {
      "name": "CVE-2025-47165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47165"
    },
    {
      "name": "CVE-2025-47164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47164"
    },
    {
      "name": "CVE-2025-47174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47174"
    },
    {
      "name": "CVE-2025-47167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47167"
    },
    {
      "name": "CVE-2025-47168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47168"
    },
    {
      "name": "CVE-2025-47176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47176"
    },
    {
      "name": "CVE-2025-47170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47170"
    },
    {
      "name": "CVE-2025-47173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47173"
    },
    {
      "name": "CVE-2025-47957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47957"
    },
    {
      "name": "CVE-2025-47953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47953"
    }
  ],
  "initial_release_date": "2025-06-11T00:00:00",
  "last_revision_date": "2025-06-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0498",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-06-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Office. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47167",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47167"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47162",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47162"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47168",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47168"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47170",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47170"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47957",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47957"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47174",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47174"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47165",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47165"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47953",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47953"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47173",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47173"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47175",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47175"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-32717",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32717"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47169",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47169"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47176",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47176"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47171",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47171"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47164",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47164"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-32717 (GCVE-0-2025-32717)

Vulnerability from cvelistv5

cnvd-2025-17472

Vulnerability from cnvd

ghsa-x3rj-56mr-h4q9

Vulnerability from github

msrc_cve-2025-32717

Vulnerability from csaf_microsoft

fkie_cve-2025-32717

Vulnerability from fkie_nvd

CERTFR-2025-AVI-0498

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature