Microsoft 365 Apps
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft 365 Apps.
By the Year
In 2025 there have been 73 vulnerabilities in Microsoft 365 Apps with an average score of 7.8 out of ten. Last year, in 2024 365 Apps had 42 security vulnerabilities published. That is, 31 more vulnerabilities have already been reported in 2025 as compared to last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.08.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 73 | 7.77 |
| 2024 | 42 | 7.69 |
| 2023 | 55 | 7.35 |
| 2022 | 46 | 7.26 |
| 2021 | 64 | 7.45 |
| 2020 | 50 | 7.30 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new 365 Apps vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft 365 Apps Security Vulnerabilities
Heap-based buffer overflow in Microsoft Office Word
CVE-2025-32717
8.4 - High
- June 11, 2025
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Use after free in Microsoft Office
CVE-2025-47953
8.4 - High
- June 10, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Improper Restriction of Names for Files and Other Resources
Use after free in Microsoft Office Word
CVE-2025-47957
8.4 - High
- June 10, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Dangling pointer
Heap-based buffer overflow in Microsoft Office
CVE-2025-47162
8.4 - High
- June 10, 2025
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Use after free in Microsoft Office
CVE-2025-47164
8.4 - High
- June 10, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Use after free in Microsoft Office Excel
CVE-2025-47165
7.8 - High
- June 10, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Access of resource using incompatible type ('type confusion') in Microsoft Office
CVE-2025-47167
8.4 - High
- June 10, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Object Type Confusion
Use after free in Microsoft Office Word
CVE-2025-47168
7.8 - High
- June 10, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Dangling pointer
Heap-based buffer overflow in Microsoft Office Word
CVE-2025-47169
7.8 - High
- June 10, 2025
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Use after free in Microsoft Office Word
CVE-2025-47170
7.8 - High
- June 10, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Dangling pointer
Improper input validation in Microsoft Office Outlook
CVE-2025-47171
6.7 - Medium
- June 10, 2025
Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.
Improper Input Validation
Improper input validation in Microsoft Office
CVE-2025-47173
7.8 - High
- June 10, 2025
Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally.
Improper Restriction of Names for Files and Other Resources
Heap-based buffer overflow in Microsoft Office Excel
CVE-2025-47174
7.8 - High
- June 10, 2025
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Use after free in Microsoft Office PowerPoint
CVE-2025-47175
7.8 - High
- June 10, 2025
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
Dangling pointer
'.../...//' in Microsoft Office Outlook allows an authorized
CVE-2025-47176
7.8 - High
- June 10, 2025
'.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally.
Out-of-bounds read in Microsoft Office Excel
CVE-2025-30381
7.8 - High
- May 13, 2025
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Out-of-bounds Read
Release of invalid pointer or reference in Microsoft Office Excel
CVE-2025-30379
7.8 - High
- May 13, 2025
Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Release of Invalid Pointer or Reference
Use after free in Microsoft Office
CVE-2025-30377
7.8 - High
- May 13, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Heap-based buffer overflow in Microsoft Office Excel
CVE-2025-30376
7.8 - High
- May 13, 2025
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Memory Corruption
Out-of-bounds read in Microsoft Office Outlook
CVE-2025-32705
7.8 - High
- May 13, 2025
Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.
Out-of-bounds Read
Buffer over-read in Microsoft Office Excel
CVE-2025-32704
7.8 - High
- May 13, 2025
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Out-of-bounds Read
Use after free in Microsoft Office Excel
CVE-2025-30393
7.8 - High
- May 13, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel
CVE-2025-30383
7.8 - High
- May 13, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Object Type Confusion
Use after free in Microsoft Office
CVE-2025-30386
7.8 - High
- May 13, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel
CVE-2025-30375
7.8 - High
- May 13, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Object Type Confusion
Heap-based buffer overflow in Microsoft Office Excel
CVE-2025-29979
7.8 - High
- May 13, 2025
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Memory Corruption
Use after free in Microsoft Office PowerPoint
CVE-2025-29978
7.8 - High
- May 13, 2025
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
Dangling pointer
Use after free in Microsoft Office Excel
CVE-2025-29977
7.8 - High
- May 13, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Use after free in Microsoft Office
CVE-2025-27745
7.8 - High
- April 08, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Use after free in Microsoft Office
CVE-2025-27746
7.8 - High
- April 08, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Use after free in Microsoft Office Word
CVE-2025-27747
7.8 - High
- April 08, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Untrusted Pointer Dereference
Use after free in Microsoft Office
CVE-2025-27748
7.8 - High
- April 08, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Use after free in Microsoft Office
CVE-2025-27749
7.8 - High
- April 08, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Use after free in Microsoft Office Excel
CVE-2025-27750
7.8 - High
- April 08, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Use after free in Microsoft Office Excel
CVE-2025-27751
7.8 - High
- April 08, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Heap-based buffer overflow in Microsoft Office Excel
CVE-2025-27752
7.8 - High
- April 08, 2025
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Access of resource using incompatible type ('type confusion') in Microsoft Office
CVE-2025-29791
7.8 - High
- April 08, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Object Type Confusion
Use after free in Microsoft Office
CVE-2025-29792
7.3 - High
- April 08, 2025
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
Dangling pointer
Improper input validation in Microsoft Office Word
CVE-2025-29816
7.5 - High
- April 08, 2025
Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.
Acceptance of Extraneous Untrusted Data With Trusted Data
Use after free in Microsoft Office Word
CVE-2025-29820
7.8 - High
- April 08, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Dangling pointer
Use after free in Microsoft Office Excel
CVE-2025-29823
7.8 - High
- April 08, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Out-of-bounds read in Microsoft Office
CVE-2025-26642
7.8 - High
- April 08, 2025
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
Out-of-bounds Read
Use after free in Microsoft Office Word
CVE-2025-24078
7 - High
- March 11, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Dangling pointer
Untrusted pointer dereference in Microsoft Office
CVE-2025-24083
7.8 - High
- March 11, 2025
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
Untrusted Pointer Dereference
Use after free in Microsoft Office
CVE-2025-26629
7.8 - High
- March 11, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Use after free in Microsoft Office Access
CVE-2025-26630
7.8 - High
- March 11, 2025
Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally.
Dangling pointer
Heap-based buffer overflow in Microsoft Office
CVE-2025-24057
7.8 - High
- March 11, 2025
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Stack-based buffer overflow in Microsoft Office Excel
CVE-2025-24075
7.8 - High
- March 11, 2025
Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Stack Overflow
Use after free in Microsoft Office Word
CVE-2025-24077
7.8 - High
- March 11, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Dangling pointer
Use after free in Microsoft Office Word
CVE-2025-24079
7.8 - High
- March 11, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Dangling pointer
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Word or by Microsoft? Click the Watch button to subscribe.
