Remote Code Execution Vulnerability in Microsoft Excel
CVE-2025-21362

8.4HIGH

Key Information:

Vendor
Microsoft
Status
Office Online Server
Microsoft Office 2019
Microsoft 365 Apps For Enterprise
Microsoft Office Ltsc For Mac 2021
Vendor
CVE Published:
14 January 2025

Badges

πŸ“° News Worthy

Summary

This vulnerability in Microsoft Excel allows remote attackers to execute arbitrary code on the victim's machine. By tricking a user into opening a specially crafted Excel file, attackers can exploit this flaw to take control of the system, potentially leading to data theft or further malware installation. Users are urged to apply the latest updates provided by Microsoft to mitigate this risk.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Excel 2016 32-bit Systems 16.0.0.0 < 16.0.5483.1001

Microsoft Office 2019 32-bit Systems 19.0.0

News Articles

favicon imageCyberScoop

Microsoft fixes 159 vulnerabilities in first Patch Tuesday of 2025

Microsoft has addressed a total of 159 vulnerabilities in the first Patch Tuesday of 2025, covering a broad spectrum of products.

21 hours ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ“°

    First article discovered by CyberScoop

  • Vulnerability published

  • Vulnerability Reserved

.