Remote Code Execution Vulnerability in Microsoft Excel
CVE-2025-21362

8.4HIGH

Key Information:

Vendor

Microsoft
Status
Office Online Server
Microsoft Office 2019
Microsoft 365 Apps For Enterprise
Microsoft Office Ltsc For Mac 2021
Vendor
CVE Published:
14 January 2025

Badges

đź“° News Worthy

What is CVE-2025-21362?

This vulnerability in Microsoft Excel allows remote attackers to execute arbitrary code on the victim's machine. By tricking a user into opening a specially crafted Excel file, attackers can exploit this flaw to take control of the system, potentially leading to data theft or further malware installation. Users are urged to apply the latest updates provided by Microsoft to mitigate this risk.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Excel 2016 32-bit Systems 16.0.0.0 < 16.0.5483.1001

Microsoft Office 2019 32-bit Systems 19.0.0

News Articles

favicon imageCyberScoop

Microsoft fixes 159 vulnerabilities in first Patch Tuesday of 2025

Microsoft has addressed a total of 159 vulnerabilities in the first Patch Tuesday of 2025, covering a broad spectrum of products.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • đź“°

    First article discovered by CyberScoop

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-21362 : Remote Code Execution Vulnerability in Microsoft Excel