PatchSiren cyber security CVE debrief
CVE-2025-49697 Microsoft CVE debrief
CVE-2025-49697 is a heap-based buffer overflow in Microsoft Office that can allow an unauthorized attacker to execute code locally. The CVE was published on 2025-07-08 and last updated on 2025-07-15. NVD rates it HIGH with a CVSS 3.1 base score of 8.4, and Microsoft's advisory is the authoritative remediation reference.
- Vendor: Microsoft
- Product: Microsoft 365 Apps for Enterprise
- CVSS: HIGH 8.4
- CISA KEV: Not listed in the supplied data
- Original CVE published: 2025-07-08
- Original CVE updated: 2025-07-15
- Advisory published: 2025-07-08
- Advisory updated: 2025-07-15
Who should care
Organizations running affected Microsoft Office deployments should prioritize this issue, especially on endpoints and managed desktops with Microsoft 365 Apps, Office 2016/2019, Office Long Term Servicing Channel 2021/2024, Office for Android, or Office Online Server, which are the product families NVD lists as affected. Security and IT teams responsible for patching Office estates should treat it as a high-priority local code execution risk.
Technical summary
The NVD record classifies the flaw as a heap-based buffer overflow (CWE-122). The CVSS 3.1 vector is AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H: the attack vector is local, meaning the vulnerable code is reached through input processed on the host (such as a crafted document) rather than over the network; attack complexity is low; the vector records no privileges and no user interaction as required; scope is unchanged; and confidentiality, integrity and availability impact are all high, consistent with code execution on the host. NVD lists multiple affected Microsoft Office product families, and Microsoft's vendor advisory is the primary official mitigation source.
Defensive priority
High. The high CVSS score, code execution impact and broad Office product coverage together make this a strong patching priority for managed endpoints and Office servers, even though the supplied data does not list it as a known exploited vulnerability. Absence from KEV means there is no record of exploitation in the supplied data, not that exploitation is unlikely.
Recommended defensive actions
- Review Microsoft's advisory for CVE-2025-49697 and apply the vendor-recommended update for each affected Office product.
- Prioritize patching of systems that run Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, Office for Android, and Office Online Server where applicable.
- Validate which Office channels and architectures are present in your environment before rollout, since NVD lists x86, x64 and macOS variants for several affected families, and Click-to-Run update channels receive the fix in different build numbers, so the fixed build to check against depends on the channel.
- Use asset and software inventory to find every Office installation, then accelerate remediation on high-value endpoints and Office servers.
- Monitor Microsoft update status and confirm successful deployment, for example by comparing the installed Office build with the fixed build from the advisory, rather than relying on advisory publication alone.
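The inventory and verification steps above can be scripted. The PowerShell below is an added example for this debrief, not code from the PatchSiren page or from Microsoft: it reads the Click-to-Run configuration key and the Windows Installer Uninstall keys on a host, reports product, build, platform and update channel, and flags a Click-to-Run install as unpatched when its build is below a minimum you supply. The -MinimumFixedBuild default is a placeholder that you replace with the fixed build for your channel from Microsoft's advisory, and the CDN GUID to channel mapping is reproduced from memory of Microsoft's channel documentation and should be verified before you rely on it.

```powershell
<#
  Added example (not from the PatchSiren page or Microsoft). Inventories Office installs on a
  Windows host and compares the Click-to-Run build with a minimum fixed build copied from
  Microsoft's advisory for CVE-2025-49697.
#>
param(
    # Placeholder (assumption): replace with the fixed build for your update channel from the MSRC advisory.
    [version]$MinimumFixedBuild = [version]'16.0.0.0'
)

# Click-to-Run installs (Microsoft 365 Apps, Office 2019, LTSC 2021/2024) record their state here.
$C2RConfigKey = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'

# CDNBaseUrl ends in a GUID that identifies the update channel. Mapping reproduced from memory
# of Microsoft's channel documentation (assumption): verify before relying on it.
$ChannelByCdnGuid = @{
    '492350f6-3a01-4f97-b9c0-c7c6ddf67d60' = 'Current Channel'
    '55336b82-a18d-4dd6-b5f6-9e5095c314a6' = 'Monthly Enterprise Channel'
    '7ffbc6bf-bc32-4f92-8982-f9dd17fd3114' = 'Semi-Annual Enterprise Channel'
}

function Get-OfficeClickToRunState {
    if (-not (Test-Path -Path $C2RConfigKey)) { return $null }
    $cfg   = Get-ItemProperty -Path $C2RConfigKey
    $guid  = (([string]$cfg.CDNBaseUrl) -split '/')[-1].ToLowerInvariant()
    $build = [version]$cfg.VersionToReport
    $channel = if ($ChannelByCdnGuid.ContainsKey($guid)) { $ChannelByCdnGuid[$guid] } else { "Unknown ($guid)" }
    [pscustomobject]@{
        InstallType = 'Click-to-Run'
        Products    = $cfg.ProductReleaseIds
        Version     = $build
        Platform    = $cfg.Platform            # x86 or x64
        Channel     = $channel
        Patched     = ($build -ge $MinimumFixedBuild)
    }
}

function Get-OfficeMsiInstalls {
    # MSI-based Office (e.g. Office 2016 volume licence) is visible only through the Uninstall keys.
    # A GUID-shaped key name marks a Windows Installer product; Click-to-Run entries use names such
    # as 'O365ProPlusRetail - en-us' and are skipped here because the C2R function already covers them.
    $uninstallPaths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallPaths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^Microsoft (Office|365)' -and $_.PSChildName -match '^\{[0-9A-Fa-f-]+\}$' } |
        ForEach-Object {
            # 32-bit Office on 64-bit Windows registers under WOW6432Node.
            $platform = if ($_.PSPath -match 'WOW6432Node') { 'x86' } else { 'x64' }
            [pscustomobject]@{
                InstallType = 'MSI'
                Products    = $_.DisplayName
                Version     = $_.DisplayVersion   # base product version; MSI updates do not change it
                Platform    = $platform
                Channel     = 'n/a (serviced through Windows Update / WSUS)'
                Patched     = $null               # decide per installed KB from the advisory, not by build number
            }
        }
}

$report = @()
$c2r = Get-OfficeClickToRunState
if ($c2r) { $report += $c2r }
$report += Get-OfficeMsiInstalls

if ($report.Count -eq 0) {
    Write-Output "No Microsoft Office installation found on $env:COMPUTERNAME"
} else {
    $report |
        Select-Object @{ n = 'Host'; e = { $env:COMPUTERNAME } }, InstallType, Products, Version, Platform, Channel, Patched |
        Format-Table -AutoSize
}

# Non-zero exit for an unpatched Click-to-Run install so a fleet-wide run (e.g. via Invoke-Command) can filter on it.
if ($c2r -and -not $c2r.Patched) { exit 1 }
```

Run it locally with the fixed build for the relevant channel, or push it to a fleet with Invoke-Command and collect the exit codes. For MSI-based Office the script deliberately leaves Patched empty: the Uninstall key version does not move with updates, so confirmation there has to come from the specific KB numbers in Microsoft's advisory.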
Evidence notes
All statements are based on the supplied NVD record and the referenced Microsoft advisory. The vulnerability description, CVSS score/vector, CWE-122 classification, and affected CPEs come from the official NVD source metadata. The Microsoft Security Response Center advisory is the only vendor reference provided in the corpus. No KEV listing was present in the supplied enrichment data.
Official resources
- CVE-2025-49697 CVE record (CVE.org)
- CVE-2025-49697 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Vendor Advisory (Microsoft Security Response Center)
Publicly disclosed on 2025-07-08 and updated on 2025-07-15. No Known Exploited Vulnerabilities (KEV) listing was included in the supplied data.