cve-2025-54907
About this tag
CVE-2025-54907 is a heap-based buffer overflow vulnerability in Microsoft Office Visio that allows remote code execution when a user opens a specially crafted Visio file. The flaw resides in the Visio document parser, where unsafe heap handling can corrupt memory and enable an attacker to execute code with the victim's privileges. Microsoft has published an advisory in its Security Update Guide, and users are advised to apply the latest patches and exercise caution with untrusted Visio files. This tag covers discussions on the vulnerability's impact, patch availability, and mitigation strategies for Windows users.
Microsoft’s Security Response Center has published an advisory for CVE-2025-54907, describing a heap-based buffer overflow in Microsoft Office Visio that can allow an unauthorized attacker to execute code in the context of the user who opens a malicious file. This is a document‑parser...