Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2025-54905: Microsoft Word Information Disclosure Vulnerability

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Microsoft Security Response Center
Open in Source
#vulnerability#microsoft#auth#Microsoft Office Word#Security Vulnerability
CVE-2025-54898: Microsoft Excel Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** A user needs to be tricked into running malicious files.

CVE-2025-54897: Microsoft SharePoint Remote Code Execution Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.