What is the CVSS score of CVE-2025-49699?

CVE-2025-49699 has a CVSS 3.1 base score of 7.0 (High). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Office Long Term Servicing Channel are affected by CVE-2025-49699?

CVE-2025-49699 is a use-after-free vulnerability in Microsoft Office that permits local code execution by unauthorized attackers, potentially allowing compromise of systems where Office applications…. A patch is available.

How to fix or mitigate CVE-2025-49699?

Within 24 hours: Identify all systems running affected Microsoft Office versions and assess exposure in your environment. Within 7 days: Apply the vendor-released patch to all Microsoft Office installations; test in a non-production environment first. Within 30 days: Verify patch deployment across all assets through your patch management system and confirm no systems remain unpatched.

Office Long Term Servicing Channel CVE-2025-49699

EUVD-2025-20559 HIGH

Use After Free (CWE-416)

2025-07-08 secure@microsoft.com

Microsoft Use After Free Memory Corruption Denial Of Service Office Long Term Servicing Channel Powerpoint Word 365 Apps Office Outlook

7.0

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.0 HIGH

AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:30 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

16.0.5508.1002,16.99.25071321,16.0.5508.1000

EUVD ID Assigned

Mar 16, 2026 - 04:21 euvd

EUVD-2025-20559

Analysis Generated

Mar 16, 2026 - 04:21 vuln.today

CVE Published

Jul 08, 2025 - 17:15 nvd

HIGH 7.0

DescriptionCVE.org

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Analysis

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Technical ContextAI

A use-after-free vulnerability occurs when a program continues to use a pointer after the referenced memory has been freed, leading to undefined behavior. This vulnerability is classified as Use After Free (CWE-416).

RemediationAI

Use memory-safe languages. Implement proper object lifecycle management. Use static and dynamic analysis tools to detect UAF patterns.

CVE-2025-49699 vulnerability details – vuln.today

Back

Office Long Term Servicing Channel CVE-2025-49699

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code