CVE-2025-54899
HIGHDescription
Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Is your site exposed to CVE-2025-54899?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| microsoft | 365_apps |
| microsoft | 365_apps |
| microsoft | excel |
| microsoft | excel |
| microsoft | office |
| microsoft | office |
| microsoft | office_long_term_servicing_channel |
| microsoft | office_long_term_servicing_channel |
| microsoft | office_long_term_servicing_channel |
| microsoft | office_long_term_servicing_channel |
| microsoft | office_long_term_servicing_channel |
| microsoft | office_long_term_servicing_channel |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-54899? +
How severe is CVE-2025-54899? +
What products are affected by CVE-2025-54899? +
How do I check if I'm vulnerable to CVE-2025-54899? +
Related Vulnerabilities
A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to …
SAP MDM Server ReadString function allows an attacker to send specially crafted packets which could trigger a memory read access …
SAP MDM Server Read function allows an attacker to send specially crafted packets which could trigger a memory read access …
Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not …
SAP MDM Server allows an attacker to gain control of existing client sessions and execute certain functions without having to …
Use of stack memory after free vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service …