CVE-2025-64677

Publication date

2025-12-18 22:02:08

Family

microsoft

State

PUBLISHED

Description

Improper neutralization of input during web page generation (cross-site scripting) in Office Out-of-Box Experience allows an unauthorized attacker to perform spoofing over a network.