365 Apps Microsoft 365 Apps

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft 365 Apps.

By the Year

In 2025 there have been 73 vulnerabilities in Microsoft 365 Apps with an average score of 7.8 out of ten. Last year, in 2024 365 Apps had 42 security vulnerabilities published. That is, 31 more vulnerabilities have already been reported in 2025 as compared to last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.08.




Year Vulnerabilities Average Score
2025 73 7.77
2024 42 7.69
2023 55 7.35
2022 46 7.26
2021 64 7.45
2020 50 7.30
2019 0 0.00
2018 0 0.00

It may take a day or so for new 365 Apps vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft 365 Apps Security Vulnerabilities

Heap-based buffer overflow in Microsoft Office Word

CVE-2025-32717 8.4 - High - June 11, 2025

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Use after free in Microsoft Office

CVE-2025-47953 8.4 - High - June 10, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Improper Restriction of Names for Files and Other Resources

Use after free in Microsoft Office Word

CVE-2025-47957 8.4 - High - June 10, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Heap-based buffer overflow in Microsoft Office

CVE-2025-47162 8.4 - High - June 10, 2025

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Use after free in Microsoft Office

CVE-2025-47164 8.4 - High - June 10, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Use after free in Microsoft Office Excel

CVE-2025-47165 7.8 - High - June 10, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Access of resource using incompatible type ('type confusion') in Microsoft Office

CVE-2025-47167 8.4 - High - June 10, 2025

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Object Type Confusion

Use after free in Microsoft Office Word

CVE-2025-47168 7.8 - High - June 10, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Heap-based buffer overflow in Microsoft Office Word

CVE-2025-47169 7.8 - High - June 10, 2025

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Use after free in Microsoft Office Word

CVE-2025-47170 7.8 - High - June 10, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Improper input validation in Microsoft Office Outlook

CVE-2025-47171 6.7 - Medium - June 10, 2025

Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.

Improper Input Validation

Improper input validation in Microsoft Office

CVE-2025-47173 7.8 - High - June 10, 2025

Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally.

Improper Restriction of Names for Files and Other Resources

Heap-based buffer overflow in Microsoft Office Excel

CVE-2025-47174 7.8 - High - June 10, 2025

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Use after free in Microsoft Office PowerPoint

CVE-2025-47175 7.8 - High - June 10, 2025

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

Dangling pointer

'.../...//' in Microsoft Office Outlook allows an authorized

CVE-2025-47176 7.8 - High - June 10, 2025

'.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally.

Out-of-bounds read in Microsoft Office Excel

CVE-2025-30381 7.8 - High - May 13, 2025

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Out-of-bounds Read

Release of invalid pointer or reference in Microsoft Office Excel

CVE-2025-30379 7.8 - High - May 13, 2025

Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Release of Invalid Pointer or Reference

Use after free in Microsoft Office

CVE-2025-30377 7.8 - High - May 13, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Heap-based buffer overflow in Microsoft Office Excel

CVE-2025-30376 7.8 - High - May 13, 2025

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Memory Corruption

Out-of-bounds read in Microsoft Office Outlook

CVE-2025-32705 7.8 - High - May 13, 2025

Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.

Out-of-bounds Read

Buffer over-read in Microsoft Office Excel

CVE-2025-32704 7.8 - High - May 13, 2025

Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Out-of-bounds Read

Use after free in Microsoft Office Excel

CVE-2025-30393 7.8 - High - May 13, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel

CVE-2025-30383 7.8 - High - May 13, 2025

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Object Type Confusion

Use after free in Microsoft Office

CVE-2025-30386 7.8 - High - May 13, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel

CVE-2025-30375 7.8 - High - May 13, 2025

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Object Type Confusion

Heap-based buffer overflow in Microsoft Office Excel

CVE-2025-29979 7.8 - High - May 13, 2025

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Memory Corruption

Use after free in Microsoft Office PowerPoint

CVE-2025-29978 7.8 - High - May 13, 2025

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

Dangling pointer

Use after free in Microsoft Office Excel

CVE-2025-29977 7.8 - High - May 13, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Use after free in Microsoft Office

CVE-2025-27745 7.8 - High - April 08, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Use after free in Microsoft Office

CVE-2025-27746 7.8 - High - April 08, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Use after free in Microsoft Office Word

CVE-2025-27747 7.8 - High - April 08, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Untrusted Pointer Dereference

Use after free in Microsoft Office

CVE-2025-27748 7.8 - High - April 08, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Use after free in Microsoft Office

CVE-2025-27749 7.8 - High - April 08, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Use after free in Microsoft Office Excel

CVE-2025-27750 7.8 - High - April 08, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Use after free in Microsoft Office Excel

CVE-2025-27751 7.8 - High - April 08, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Heap-based buffer overflow in Microsoft Office Excel

CVE-2025-27752 7.8 - High - April 08, 2025

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Access of resource using incompatible type ('type confusion') in Microsoft Office

CVE-2025-29791 7.8 - High - April 08, 2025

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Object Type Confusion

Use after free in Microsoft Office

CVE-2025-29792 7.3 - High - April 08, 2025

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

Dangling pointer

Improper input validation in Microsoft Office Word

CVE-2025-29816 7.5 - High - April 08, 2025

Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.

Acceptance of Extraneous Untrusted Data With Trusted Data

Use after free in Microsoft Office Word

CVE-2025-29820 7.8 - High - April 08, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Use after free in Microsoft Office Excel

CVE-2025-29823 7.8 - High - April 08, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Out-of-bounds read in Microsoft Office

CVE-2025-26642 7.8 - High - April 08, 2025

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

Out-of-bounds Read

Use after free in Microsoft Office Word

CVE-2025-24078 7 - High - March 11, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Untrusted pointer dereference in Microsoft Office

CVE-2025-24083 7.8 - High - March 11, 2025

Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.

Untrusted Pointer Dereference

Use after free in Microsoft Office

CVE-2025-26629 7.8 - High - March 11, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Use after free in Microsoft Office Access

CVE-2025-26630 7.8 - High - March 11, 2025

Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally.

Dangling pointer

Heap-based buffer overflow in Microsoft Office

CVE-2025-24057 7.8 - High - March 11, 2025

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Stack-based buffer overflow in Microsoft Office Excel

CVE-2025-24075 7.8 - High - March 11, 2025

Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Stack Overflow

Use after free in Microsoft Office Word

CVE-2025-24077 7.8 - High - March 11, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Use after free in Microsoft Office Word

CVE-2025-24079 7.8 - High - March 11, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Word or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

subscribe