Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-26642

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

Published

2025-04-08T18:15:48.160

Last Modified

2025-07-09T16:56:22.553

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-125
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	microsoft	365_apps	-	Yes
Application	microsoft	365_apps	-	Yes
Application	microsoft	access	2016	Yes
Application	microsoft	excel	2016	Yes
Application	microsoft	excel	2016	Yes
Application	microsoft	office	2016	Yes
Application	microsoft	office	2016	Yes
Application	microsoft	office	2019	Yes
Application	microsoft	office	2019	Yes
Application	microsoft	office_long_term_servicing_channel	2021	Yes
Application	microsoft	office_long_term_servicing_channel	2021	Yes
Application	microsoft	office_long_term_servicing_channel	2021	Yes
Application	microsoft	office_long_term_servicing_channel	2024	Yes
Application	microsoft	office_long_term_servicing_channel	2024	Yes
Application	microsoft	office_long_term_servicing_channel	2024	Yes
Application	microsoft	office_online_server	-	Yes
Application	microsoft	sharepoint_server	2019	Yes

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26642 Vendor Advisory ([email protected])