CVE-2025-29867

CVE-2025-29867 is a high-severity vulnerability with a CVSS 4.0 base score of 8.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-843.

Key facts

Description

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects Hancom Office 2018: before 10.0.0.12681; Hancom Office 2020: before 11.0.0.8916; Hancom Office 2022: before 12.0.0.4426; Hancom Office 2024: before 13.0.0.3050.

Frequently asked questions

What is CVE-2025-29867?
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects Hancom Office 2018: before 10.0.0.12681; Hancom Office 2020: before 11.0.0.8916; Hancom Office 2022: before 12.0.0.4426; Hancom Office 2024: before 13.0.0.3050.
How severe is CVE-2025-29867?
CVE-2025-29867 has a CVSS 4.0 base score of 8.5, rated high severity.
Is CVE-2025-29867 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (15th percentile), an estimate of the probability of exploitation in the next 30 days.
How do I fix CVE-2025-29867?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
Does CVE-2025-29867 have an EU (EUVD) identifier?
Yes. CVE-2025-29867 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-206779.
When was CVE-2025-29867 published?
CVE-2025-29867 was published on 2026-02-04 and last updated on 2026-06-17.

References

Other CWE-843 vulnerabilities

Browse all CWE-843 vulnerabilities →