Microsoft has published an advisory for CVE-2025-54903, a use‑after‑free vulnerability in Microsoft Excel that can lead to local code execution when a victim opens a specially crafted spreadsheet — a document‑based remote code execution (RCE) risk that should be treated as high priority for both...
Microsoft’s security tracker now lists CVE-2025-54899 as a memory-safety flaw in Microsoft Excel that can lead to local code execution when a crafted spreadsheet is opened — an entry that joins a steady stream of Excel parsing bugs that remain a favored initial-access vector for attackers...
Title: CVE-2025-53761 — Use‑After‑Free in Microsoft PowerPoint (Local Code Execution) — What defenders need to know now
Summary (TL;DR)
Microsoft lists CVE-2025-53761 as a use‑after‑free vulnerability in Microsoft Office PowerPoint that “allows an unauthorized attacker to execute code locally.”...