Security Updates for Microsoft PowerPoint Products (September 2025)

🗓️ 09 Sep 2025 00:00:00Reported by TenableType

Missing security update for PowerPoint; remote code execution could bypass authentication.

Reporter	Title	Published	Views	Family All 18
Circl	CVE-2025-54908	9 Sep 202516:23	–	circl
CNNVD	Microsoft Office PowerPoint 资源管理错误漏洞	9 Sep 202500:00	–	cnnvd
CNVD	Microsoft PowerPoint Code Execution Vulnerability (CNVD-2025-26723)	11 Sep 202500:00	–	cnvd
CVE	CVE-2025-54908	9 Sep 202517:00	–	cve
Cvelist	CVE-2025-54908 Microsoft PowerPoint Remote Code Execution Vulnerability	9 Sep 202517:00	–	cvelist
EUVD	EUVD-2025-27349	3 Oct 202520:07	–	euvd
Microsoft KB	Description of the security update for PowerPoint 2016: September 09, 2025 (KB5002779)	9 Sep 202507:00	–	mskb
Kaspersky	KLA87440 Multiple vulnerabilities in Microsoft Office	9 Sep 202500:00	–	kaspersky
Microsoft CVE	Microsoft PowerPoint Remote Code Execution Vulnerability	9 Sep 202507:00	–	mscve
NCSC	Vulnerabilities fixed in Microsoft Office	9 Sep 202518:23	–	ncsc

Source	Link
support	www.support.microsoft.com/en-us/help/5002779
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(261805);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/10/29");

  script_cve_id("CVE-2025-54908");
  script_xref(name:"MSKB", value:"5002779");
  script_xref(name:"MSFT", value:"MS25-5002779");
  script_xref(name:"IAVA", value:"2025-A-0667-S");

  script_name(english:"Security Updates for Microsoft PowerPoint Products (September 2025)");

  script_set_attribute(attribute:"synopsis", value:
"The Microsoft PowerPoint Products are missing a security update.");
  script_set_attribute(attribute:"description", value:
"The Microsoft PowerPoint Products are missing a security update. They are, therefore, affected by a remote code
execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary
commands.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/5002779");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released KB5002779 to address this issue.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-54908");
  script_cwe_id(416);

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/09/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/09/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/09/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:powerpoint");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("office_installed.nasl", "microsoft_office_compatibility_pack_installed.nbin", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('vcf_extras_office.inc');

var bulletin = 'MS25-09';
var kbs = make_list(
  '5002779'
);

var constraints = [
  { 'kb':'5002779', 'channel':'MSI', 'fixed_version': '16.0.5517.1000', 'sp' : 0}
];

vcf::microsoft::office_product::check_version_and_report(
  kbs:kbs,
  constraints:constraints,
  severity:SECURITY_HOLE,
  bulletin:bulletin,
  subproduct:'PowerPoint'
);

29 Oct 2025 00:00Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.17.8

EPSS0.00207

SSVC