Remote Code Execution Vulnerability in Microsoft Access
CVE-2025-21186

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Office 2019; Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc 2021; Microsoft Office Ltsc 2024
Vendor: CVE Published:; 14 January 2025

What is CVE-2025-21186?

This vulnerability in Microsoft Access allows attackers to execute arbitrary code on the affected system. By exploiting this flaw, an attacker could manipulate how the application processes specific inputs, triggering remote code execution. Organizations using vulnerable versions of Microsoft Access should be vigilant and apply the necessary patches to mitigate potential risks. For further details, visit the Microsoft vendor advisory.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Access 2016 (32-bit edition) Unknown 16.0.0 < 16.0.5483.1001

Microsoft Access 2016 x64-based Systems 16.0.0 < 16.0.5483.1001

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 14, 2025
Vulnerability Reserved
Dec 5, 2024