Microsoft 365 Apps
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft 365 Apps.
By the Year
In 2025 there have been 20 vulnerabilities in Microsoft 365 Apps with an average score of 7.7 out of ten. Last year, in 2024 365 Apps had 42 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in 365 Apps in 2025 could surpass last years number. Last year, the average CVE base score was greater by 0.03
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 20 | 7.66 |
| 2024 | 42 | 7.69 |
| 2023 | 55 | 7.35 |
| 2022 | 46 | 7.26 |
| 2021 | 64 | 7.45 |
| 2020 | 50 | 7.30 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new 365 Apps vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft 365 Apps Security Vulnerabilities
Microsoft Office Remote Code Execution Vulnerability
CVE-2025-21392
7.8 - High
- February 11, 2025
Microsoft Office Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21381
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Untrusted Pointer Dereference
Microsoft Excel Information Disclosure Vulnerability
CVE-2025-21383
5.5 - Medium
- February 11, 2025
Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds Read
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21386
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21390
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21394
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21387
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Office Remote Code Execution Vulnerability
CVE-2025-21397
7.8 - High
- February 11, 2025
Microsoft Office Remote Code Execution Vulnerability
Dangling pointer
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21345
7.8 - High
- January 14, 2025
Microsoft Office Visio Remote Code Execution Vulnerability
Dangling pointer
Microsoft Office Security Feature Bypass Vulnerability
CVE-2025-21346
7.8 - High
- January 14, 2025
Microsoft Office Security Feature Bypass Vulnerability
Protection Mechanism Failure
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21354
7.8 - High
- January 14, 2025
Microsoft Excel Remote Code Execution Vulnerability
Untrusted Pointer Dereference
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-21356
7.8 - High
- January 14, 2025
Microsoft Office Visio Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21357
6.7 - Medium
- January 14, 2025
Microsoft Outlook Remote Code Execution Vulnerability
Use of Uninitialized Resource
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21362
8.4 - High
- January 14, 2025
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Word Remote Code Execution Vulnerability
CVE-2025-21363
7.8 - High
- January 14, 2025
Microsoft Word Remote Code Execution Vulnerability
Untrusted Pointer Dereference
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2025-21364
7.8 - High
- January 14, 2025
Microsoft Excel Security Feature Bypass Vulnerability
Marshaling, Unmarshaling
Microsoft Office Remote Code Execution Vulnerability
CVE-2025-21365
7.8 - High
- January 14, 2025
Microsoft Office Remote Code Execution Vulnerability
Untrusted Path
Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21366
7.8 - High
- January 14, 2025
Microsoft Access Remote Code Execution Vulnerability
Dangling pointer
Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21395
7.8 - High
- January 14, 2025
Microsoft Access Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21186
7.8 - High
- January 14, 2025
Microsoft Access Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft Access Remote Code Execution Vulnerability
CVE-2024-49142
7.8 - High
- December 12, 2024
Microsoft Access Remote Code Execution Vulnerability
Dangling pointer
Microsoft Office Elevation of Privilege Vulnerability
CVE-2024-49059
7 - High
- December 12, 2024
Microsoft Office Elevation of Privilege Vulnerability
Race Condition
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-49065
5.5 - Medium
- December 12, 2024
Microsoft Office Remote Code Execution Vulnerability
Out-of-bounds Read
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49069
7.8 - High
- December 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49028
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Out-of-bounds Read
Microsoft Office Graphics Component Remote Code Execution Vulnerability
CVE-2024-49031
7.8 - High
- November 12, 2024
Microsoft Office Graphics Remote Code Execution Vulnerability
Buffer Over-read
Microsoft Office Graphics Component Remote Code Execution Vulnerability
CVE-2024-49032
7.8 - High
- November 12, 2024
Microsoft Office Graphics Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49026
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Command Injection
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49027
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49029
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Use of Uninitialized Resource
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49030
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft Word Security Feature Bypass Vulnerability
CVE-2024-49033
7.5 - High
- November 12, 2024
Microsoft Word Security Feature Bypass Vulnerability
Improper Input Validation
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-43504
7.8 - High
- October 08, 2024
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-43616
7.8 - High
- October 08, 2024
Microsoft Office Remote Code Execution Vulnerability
Untrusted Path
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2024-43505
7.8 - High
- October 08, 2024
Microsoft Office Visio Remote Code Execution Vulnerability
Insufficient UI Warning of Dangerous Operations
Microsoft Office Spoofing Vulnerability
CVE-2024-43609
6.5 - Medium
- October 08, 2024
Microsoft Office Spoofing Vulnerability
Information Disclosure
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-43576
7.8 - High
- October 08, 2024
Microsoft Office Remote Code Execution Vulnerability
Untrusted Path
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2024-38016
7.8 - High
- September 19, 2024
Microsoft Office Visio Remote Code Execution Vulnerability
Authorization
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2024-43463
7.8 - High
- September 10, 2024
Microsoft Office Visio Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Elevation of Privilege Vulnerability
CVE-2024-43465
7.8 - High
- September 10, 2024
Microsoft Excel Elevation of Privilege Vulnerability
Dangling pointer
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2024-38169
7.8 - High
- August 13, 2024
Microsoft Office Visio Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-38170
7.1 - High
- August 13, 2024
Microsoft Excel Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2024-38171
7.8 - High
- August 13, 2024
Microsoft PowerPoint Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-38172
7.8 - High
- August 13, 2024
Microsoft Excel Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2024-38173
6.7 - Medium
- August 13, 2024
Microsoft Outlook Remote Code Execution Vulnerability
RCE in Microsoft Project
CVE-2024-38189
8.8 - High
- August 13, 2024
Microsoft Project Remote Code Execution Vulnerability
Improper Input Validation
Microsoft Office Spoofing Vulnerability
CVE-2024-38200
6.5 - Medium
- August 12, 2024
Microsoft Office Spoofing Vulnerability
Information Disclosure
Microsoft Outlook Spoofing Vulnerability
CVE-2024-38020
6.5 - Medium
- July 09, 2024
Microsoft Outlook Spoofing Vulnerability
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2024-38021
8.8 - High
- July 09, 2024
Microsoft Outlook Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-30104
7.8 - High
- June 11, 2024
Microsoft Office Remote Code Execution Vulnerability
insecure temporary file
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-30101
7.5 - High
- June 11, 2024
Microsoft Office Remote Code Execution Vulnerability
Dangling pointer
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-30102
7.3 - High
- June 11, 2024
Microsoft Office Remote Code Execution Vulnerability
Dangling pointer
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2024-30103
8.8 - High
- June 11, 2024
Microsoft Outlook Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-30042
7.8 - High
- May 14, 2024
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-26257
7.8 - High
- April 09, 2024
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Elevation of Privilege Vulnerability
CVE-2024-26199
7.8 - High
- March 12, 2024
Microsoft Office Elevation of Privilege Vulnerability
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2024-21413
9.8 - Critical
- February 13, 2024
Microsoft Outlook Remote Code Execution Vulnerability
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2024-21378
8.8 - High
- February 13, 2024
Microsoft Outlook Remote Code Execution Vulnerability
Microsoft Word Remote Code Execution Vulnerability
CVE-2024-21379
7.8 - High
- February 13, 2024
Microsoft Word Remote Code Execution Vulnerability
Microsoft Office OneNote Remote Code Execution Vulnerability
CVE-2024-21384
7.8 - High
- February 13, 2024
Microsoft Office OneNote Remote Code Execution Vulnerability
Microsoft Outlook Elevation of Privilege Vulnerability
CVE-2024-21402
7.1 - High
- February 13, 2024
Microsoft Outlook Elevation of Privilege Vulnerability
A security vulnerability exists in FBX that could lead to remote code execution
CVE-2024-20677
7.8 - High
- January 09, 2024
A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365. As of February 13, 2024, the ability to insert FBX files has also been disabled in 3D Viewer. 3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time. This change is effective as of the January 9, 2024 security update.
Microsoft Outlook Information Disclosure Vulnerability
CVE-2023-35636
6.5 - Medium
- December 12, 2023
Microsoft Outlook Information Disclosure Vulnerability
Microsoft Word Information Disclosure Vulnerability
CVE-2023-36009
5.5 - Medium
- December 12, 2023
Microsoft Word Information Disclosure Vulnerability
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2023-36037
7.8 - High
- November 14, 2023
Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-36041
7.8 - High
- November 14, 2023
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Office Security Feature Bypass Vulnerability
CVE-2023-36413
6.5 - Medium
- November 14, 2023
Microsoft Office Security Feature Bypass Vulnerability
Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2023-36045
7.8 - High
- November 14, 2023
Microsoft Office Graphics Remote Code Execution Vulnerability
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
CVE-2023-36568
7 - High
- October 10, 2023
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Microsoft Office Elevation of Privilege Vulnerability
CVE-2023-36569
8.4 - High
- October 10, 2023
Microsoft Office Elevation of Privilege Vulnerability
Microsoft Word Information Disclosure Vulnerability
CVE-2023-36761
6.5 - Medium
- September 12, 2023
Microsoft Word Information Disclosure Vulnerability
Microsoft Word Remote Code Execution Vulnerability
CVE-2023-36762
7.3 - High
- September 12, 2023
Microsoft Word Remote Code Execution Vulnerability
Microsoft Outlook Information Disclosure Vulnerability
CVE-2023-36763
7.5 - High
- September 12, 2023
Microsoft Outlook Information Disclosure Vulnerability
Microsoft Excel Information Disclosure Vulnerability
CVE-2023-36766
5.5 - Medium
- September 12, 2023
Microsoft Excel Information Disclosure Vulnerability
Microsoft Office Security Feature Bypass Vulnerability
CVE-2023-36767
4.3 - Medium
- September 12, 2023
Microsoft Office Security Feature Bypass Vulnerability
Microsoft Office Spoofing Vulnerability
CVE-2023-41764
5.5 - Medium
- September 12, 2023
Microsoft Office Spoofing Vulnerability
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2023-36865
7.8 - High
- August 08, 2023
Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2023-36866
7.8 - High
- August 08, 2023
Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft Outlook Spoofing Vulnerability
CVE-2023-36893
6.5 - Medium
- August 08, 2023
Microsoft Outlook Spoofing Vulnerability
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2023-36895
7.8 - High
- August 08, 2023
Microsoft Outlook Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-36896
7.8 - High
- August 08, 2023
Microsoft Excel Remote Code Execution Vulnerability
Visual Studio Tools for Office Runtime Spoofing Vulnerability
CVE-2023-36897
6.5 - Medium
- August 08, 2023
Visual Studio Tools for Office Runtime Spoofing Vulnerability
Microsoft Office Remote Code Execution Vulnerability
CVE-2023-35371
7.8 - High
- August 08, 2023
Microsoft Office Remote Code Execution Vulnerability
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2023-35372
7.8 - High
- August 08, 2023
Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft Office Elevation of Privilege Vulnerability
CVE-2023-33148
7.8 - High
- July 11, 2023
Microsoft Office Elevation of Privilege Vulnerability
Microsoft ActiveX Remote Code Execution Vulnerability
CVE-2023-33152
7.8 - High
- July 11, 2023
Microsoft ActiveX Remote Code Execution Vulnerability
Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2023-33149
7.8 - High
- July 11, 2023
Microsoft Office Graphics Remote Code Execution Vulnerability
Microsoft Outlook Security Feature Bypass Vulnerability
CVE-2023-35311
8.8 - High
- July 11, 2023
Microsoft Outlook Security Feature Bypass Vulnerability
TOCTTOU
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2023-33153
8.8 - High
- July 11, 2023
Microsoft Outlook Remote Code Execution Vulnerability
Microsoft Office Security Feature Bypass Vulnerability
CVE-2023-33150
9.6 - Critical
- July 11, 2023
Microsoft Office Security Feature Bypass Vulnerability
Microsoft Outlook Spoofing Vulnerability
CVE-2023-33151
6.5 - Medium
- July 11, 2023
Microsoft Outlook Spoofing Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-33158
7.8 - High
- July 11, 2023
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-33161
7.8 - High
- July 11, 2023
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Information Disclosure Vulnerability
CVE-2023-33162
5.5 - Medium
- July 11, 2023
Microsoft Excel Information Disclosure Vulnerability
Microsoft Publisher Remote Code Execution Vulnerability
CVE-2023-28287
7.8 - High
- June 17, 2023
Microsoft Publisher Remote Code Execution Vulnerability
Microsoft Publisher Remote Code Execution Vulnerability
CVE-2023-28295
7.8 - High
- June 17, 2023
Microsoft Publisher Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-33133
7.8 - High
- June 14, 2023
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-32029
7.8 - High
- June 14, 2023
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
CVE-2023-33146
7.8 - High
- June 14, 2023
Microsoft Office Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
CVE-2023-29344
7.8 - High
- June 05, 2023
Microsoft Office Remote Code Execution Vulnerability
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Office Long Term Servicing Channel or by Microsoft? Click the Watch button to subscribe.
