CVE-2025-29979

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-29979
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29979 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*
cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:*:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:*:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*
cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*
History

19 May 2025, 14:24

Type Values Removed Values Added
Summary
  • (es) El desbordamiento del búfer basado en montón en Microsoft Office Excel permite que un atacante no autorizado ejecute código localmente.
First Time Microsoft office Long Term Servicing Channel
Microsoft office
Microsoft excel
Microsoft
Microsoft office Online Server
Microsoft 365 Apps
CWE CWE-787
References () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29979 - () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29979 - Vendor Advisory
CPE cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:*:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:*:*
cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*
cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*

13 May 2025, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-13 17:15

Updated : 2025-05-19 14:24

NVD link : CVE-2025-29979

Mitre link : CVE-2025-29979

CVE.ORG link : CVE-2025-29979

JSON object : View

Products Affected

microsoft

  • 365_apps
  • excel
  • office
  • office_online_server
  • office_long_term_servicing_channel
CWE
CWE-122

Heap-based Buffer Overflow

CWE-787

Out-of-bounds Write