CVE-2025-29820 - K7 Labs

<< Back

CVE Number	Vulnerability	Product	Severity	Date
CVE-2025-29820	Microsoft Word Remote Code Execution Vulnerability	Microsoft Office	Important	29-04-2025

Technical Information

An use after free vulnerability in Microsoft Office Excel which allows an unauthorized attacker to execute code locally.

Patch release date: Apr 08, 2025
Further information on this vulnerability is available at :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29820

Affected Software

Microsoft SharePoint Enterprise Server 2016,
Microsoft Office 2019 for 32-bit editions,
Microsoft Office 2019 for 64-bit editions,
Microsoft 365 Apps for Enterprise for 32-bit Systems,
Microsoft 365 Apps for Enterprise for 64-bit Systems,
Microsoft Office LTSC for Mac 2021,
Microsoft Office LTSC 2021 for 64-bit editions,
Microsoft Office LTSC 2021 for 32-bit editions,
Microsoft Office LTSC 2024 for 32-bit editions,
Microsoft Office LTSC 2024 for 64-bit editions,
Microsoft Office LTSC for Mac 2024,
Microsoft Office 2016 (32-bit edition),
Microsoft Office 2016 (64-bit edition)