What is the CVSS score of EUVD-2025-20559?

EUVD-2025-20559 has a CVSS 3.1 base score of 7.0 (High). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Office Long Term Servicing Channel are affected by EUVD-2025-20559?

CVE-2025-49699 is a use-after-free vulnerability in Microsoft Office that permits local code execution by unauthorized attackers, potentially allowing compromise of systems where Office applications…. A patch is available.

How to fix or mitigate EUVD-2025-20559?

Within 24 hours: Identify all systems running affected Microsoft Office versions and assess exposure in your environment. Within 7 days: Apply the vendor-released patch to all Microsoft Office installations; test in a non-production environment first. Within 30 days: Verify patch deployment across all assets through your patch management system and confirm no systems remain unpatched.

Office Long Term Servicing Channel EUVD-2025-20559

| CVE-2025-49699 HIGH

Use After Free (CWE-416)

2025-07-08 secure@microsoft.com

Microsoft Use After Free Memory Corruption Denial Of Service Office Long Term Servicing Channel Powerpoint Word 365 Apps Office Outlook

7.0

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.0 HIGH

AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:30 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

16.0.5508.1002,16.99.25071321,16.0.5508.1000

EUVD ID Assigned

Mar 16, 2026 - 04:21 euvd

EUVD-2025-20559

Analysis Generated

Mar 16, 2026 - 04:21 vuln.today

CVE Published

Jul 08, 2025 - 17:15 nvd

HIGH 7.0

DescriptionCVE.org

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Analysis

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Technical ContextAI

A use-after-free vulnerability occurs when a program continues to use a pointer after the referenced memory has been freed, leading to undefined behavior. This vulnerability is classified as Use After Free (CWE-416).

RemediationAI

Use memory-safe languages. Implement proper object lifecycle management. Use static and dynamic analysis tools to detect UAF patterns.

EUVD-2025-20559 vulnerability details – vuln.today

Back

Office Long Term Servicing Channel EUVD-2025-20559

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code