CVE-2025-29867

Summary

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects Hancom Office 2018: before 10.0.0.12681; Hancom Office 2020: before 11.0.0.8916; Hancom Office 2022: before 12.0.0.4426; Hancom Office 2024: before 13.0.0.3050.

Affected Software

VendorProductVersion RangeStatus
Hancom Inc.Hancom Office 20180 < 10.0.0.12681affected
Hancom Inc.Hancom Office 20200 < 11.0.0.8916affected
Hancom Inc.Hancom Office 20220 < 12.0.0.4426affected
Hancom Inc.Hancom Office 20240 < 13.0.0.3050affected

Weaknesses

  • CWE-843: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References