GDI+ Remote Code Execution Vulnerability in Microsoft Products
CVE-2025-21338
7.8HIGH
Key Information:
- Vendor
Microsoft
- Status
- Vendor
- CVE Published:
- 14 January 2025
What is CVE-2025-21338?
A remote code execution vulnerability exists in GDI+ that could allow an attacker to execute arbitrary code on a vulnerable system. This may occur when a user opens a specially crafted image file. Successful exploitation of the vulnerability could allow attackers to install programs; view, change, or delete data; or create new accounts with full user rights. To mitigate the risk, users are advised to ensure their software is up-to-date and to implement appropriate security measures.
Affected Version(s)
Microsoft Office for Android Unknown 16.0.1 < 16.0.18429.20000
Microsoft Office for iOS Unknown 2.0.0 < 2.93.24123014
Microsoft Office for Mac Unknown 1.0.0 < 16.93.25011212