CVE-2025-49702: 
vulnerability analysis and mitigation

CVE-2025-49702 is a type confusion vulnerability discovered in Microsoft Office that was disclosed on July 8, 2025. The vulnerability affects multiple versions of Microsoft Office including Office 2016, Office 2019, Office 365 Apps, and Office Long Term Servicing Channel 2021 and 2024 across Windows (x86/x64) and macOS platforms (NVD).

The vulnerability is classified as a type confusion issue (CWE-843) where access of resource using incompatible type occurs in Microsoft Office. It has received a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local attack vector, low attack complexity, no privileges required, and user interaction required (NVD).

If successfully exploited, this vulnerability allows an unauthorized attacker to execute code locally on the affected system with the potential for high impacts on confidentiality, integrity, and availability of the system (NVD).

Microsoft has released security updates to address this vulnerability. Users are advised to apply the security update KB5002742 for affected versions of Microsoft Office. The update is available through Microsoft Update, Microsoft Update Catalog, and Microsoft Download Center (Microsoft Support).