Remote Code Execution Vulnerability in Microsoft Access
CVE-2025-21366

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Office 2019; Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc 2021; Microsoft Office Ltsc 2024
Vendor: CVE Published:; 14 January 2025

Summary

A security flaw has been identified in Microsoft Access that allows attackers to execute arbitrary code remotely. This vulnerability can potentially enable an unauthorized user to gain control over affected systems. It highlights the importance of patch management and regular software updates to protect against such attacks. Users are advised to review the latest updates from Microsoft and ensure their systems are secured.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Access 2016 (32-bit edition) Unknown 16.0.0 < 16.0.5483.1001

Microsoft Access 2016 x64-based Systems 16.0.0 < 16.0.5483.1001

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 14, 2025
Vulnerability Reserved
Dec 11, 2024