Vulnerability Monitor

Type: Secondary CWE-416
Type: Primary NVD-CWE-Other

The vendors, products, and vulnerabilities you care about

CVE-2025-54906

Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally.

2025-09-09T17:16:02.330

2025-09-12T16:50:22.293

Analyzed

CVSSv3.1: 7.8 (HIGH)

Type	Vendor	Product	Version/Range	Vulnerable?
Application	microsoft	365_apps	-	Yes
Application	microsoft	365_apps	-	Yes
Application	microsoft	office	2016	Yes
Application	microsoft	office	2016	Yes
Application	microsoft	office	2019	Yes
Application	microsoft	office	2019	Yes
Application	microsoft	office_long_term_servicing_channel	2021	Yes
Application	microsoft	office_long_term_servicing_channel	2021	Yes
Application	microsoft	office_long_term_servicing_channel	2021	Yes
Application	microsoft	office_long_term_servicing_channel	2024	Yes
Application	microsoft	office_long_term_servicing_channel	2024	Yes
Application	microsoft	office_long_term_servicing_channel	2024	Yes
Application	microsoft	sharepoint_server	2016	Yes
Application	microsoft	sharepoint_server	2019	Yes