VDB

GCVE-110-NCSC-2025-189

GCVE-110-NCSC-2025-189
Advisory PublishedCVSS 8.4/10
Vulnetix · Advisory published June 10, 2025
Microsoft heeft kwetsbaarheden verholpen in Office producten.

Weaknesses (CWE)

CWE-416Use After FreeCWE-122Heap-based Buffer OverflowCWE-641Improper Restriction of Names for Files and Other ResourcesCWE-843Access of Resource Using Incompatible Type ('Type Confusion')CWE-20Improper Input ValidationCWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')CWE-502Deserialization of Untrusted DataCWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Risk Scores

CVSS 3.1
8.4/10
High · CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
Microsoftvers:microsoft/2016
Microsoftvers:unknown/16.0.0|<16.0.5504.1001
Microsoftvers:unknown/19.0.0|<https://aka.ms/officesecurityreleases
Microsoftvers:unknown/16.0.0|<16.0.10417.20018
Microsoftvers:microsoft/unknown
Microsoftvers:unknown/1.0.0|<16.0.10417.20018
Microsoftvers:unknown/16.0.0|<16.0.18526.20396
Microsoftvers:microsoft/2021
Microsoftvers:unknown/16.0.1|<16.0.5504.1000
Microsoftvers:unknown/1.0.0|<https://aka.ms/officesecurityreleases
Microsoftvers:unknown/1.0.0|<16.98.25060824
Microsoftvers:unknown/<4.79
Microsoftvers:unknown/16.0.0|<16.0.5504.1000
Microsoftvers:unknown/n/a
Microsoftvers:unknown/16.0.1|<16.98.25060824
Microsoftvers:unknown/16.0.1|<16.0.18925.20000
Microsoftvers:unknown/16.0.1|<https://aka.ms/officesecurityreleases
Microsoftvers:unknown/16.0.0.0|<16.0.5504.1000

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,834 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›