7.8
CVE-2025-29822
- EPSS 0.78%
- Veröffentlicht 08.04.2025 17:23:32
- Zuletzt bearbeitet 08.07.2025 17:12:21
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Microsoft OneNote Security Feature Bypass Vulnerability
Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Office Long Term Servicing Channel Version2021 SwPlatform- HwPlatformx64
Microsoft ≫ Office Long Term Servicing Channel Version2021 SwPlatform- HwPlatformx86
Microsoft ≫ Office Long Term Servicing Channel Version2021 SwPlatformmacos
Microsoft ≫ Office Long Term Servicing Channel Version2024 SwPlatform- HwPlatformx64
Microsoft ≫ Office Long Term Servicing Channel Version2024 SwPlatform- HwPlatformx86
Microsoft ≫ Office Long Term Servicing Channel Version2024 SwPlatformmacos
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.78% | 0.517 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secure@microsoft.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-184 Incomplete List of Disallowed Inputs
The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29822