Detections
Analytics
Security Updates for Microsoft Office Online Server (November 2025)
high Nessus Plugin ID 274791
Language:
Synopsis
The Microsoft Office Online Server installation on the remote host is affected by multiple vulnerabilities.Description
The Microsoft Office Online Server installation on the remote host is missing security updates. It is, therefore, affected by the following vulnerabilities:- Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. (CVE-2025-60726)
- Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
(CVE-2025-60727)
- Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. (CVE-2025-62200)
- Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. (CVE-2025-62201)
- Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. (CVE-2025-62202)
- Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
(CVE-2025-62203)
Solution
Microsoft has released 5002801 to address this issue.See Also
Plugin Details
Severity: High
ID: 274791
File Name: smb_nt_ms25_nov_office_web.nasl
Version: 1.2
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 11/11/2025
Updated: 11/14/2025
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v3
Risk Factor: High
Base Score: 7.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: cpe:/a:microsoft:office_online_server, cpe:/a:microsoft:office_web_apps
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Patch Publication Date: 11/11/2025
Vulnerability Publication Date: 11/11/2025
Reference Information
CVE: CVE-2025-60726, CVE-2025-60727, CVE-2025-62200, CVE-2025-62201, CVE-2025-62202, CVE-2025-62203