Remote Code Execution Vulnerability in Microsoft Excel
CVE-2025-21354

8.4HIGH

Key Information:

Vendor: Microsoft
Status: Office Online Server; Microsoft Office 2019; Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc For Mac 2021
Vendor: CVE Published:; 14 January 2025

Badges

👾 Exploit Exists📰 News Worthy

Summary

A remote code execution vulnerability exists in Microsoft Excel that could allow an attacker to execute arbitrary code on the affected system if a user opens a specially crafted Office file. This vulnerability can pose significant risks, allowing unauthorized access to sensitive data and control over the user's machine.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office 2019 32-bit Systems 19.0.0

Microsoft Office LTSC 2021 x64-based Systems 16.0.1

News Articles

CyberScoop

CVE-2025-21354 CVE-2025-21362

Microsoft fixes 159 vulnerabilities in first Patch Tuesday of 2025

Microsoft has addressed a total of 159 vulnerabilities in the first Patch Tuesday of 2025, covering a broad spectrum of products.

21 hours ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Jan 14, 2025
📰
First article discovered by CyberScoop
Jan 14, 2025
Vulnerability published
Jan 14, 2025
Vulnerability Reserved
Dec 11, 2024

Key Information:

Badges

Summary

Affected Version(s)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

Microsoft fixes 159 vulnerabilities in first Patch Tuesday of 2025

References

CVSS V3.1

Timeline