← Back

CVE-2025-47167

nvd nist
Published: Jun 10, 2025Modified: Jul 9, 2025

JSON object

Loading...
8.4
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.5 / Impact: 5.9
Source: secure@microsoft.com (Secondary)

Description

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Affected (8)

Microsoft
3 products
365 Apps
Office
Office Long Term Servicing Channel
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
365 Apps
All versions
Microsoft
Office
Before 16.0.18925.20000
Office
Version 2016
Office
Version 2019
Microsoft
Office Long Term Servicing Channel
Version 2021
Office Long Term Servicing Channel
Version 2021
Office Long Term Servicing Channel
Version 2024
Office Long Term Servicing Channel
Version 2024

Related CWEs

CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References (1)

Source: secure@microsoft.com
Vendor Advisory

Timeline

No history available yet.