Remote Code Execution Vulnerability in Microsoft Excel
CVE-2025-21387

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Office Online Server; Microsoft Office 2019; Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc For Mac 2021
Vendor: CVE Published:; 11 February 2025

Summary

Microsoft Excel is susceptible to a remote code execution vulnerability that allows attackers to execute arbitrary code on the user's system. This occurs when a user opens a specially crafted file in Excel. Successful exploitation could enable an attacker to gain the same user rights as the logged-in user, posing significant risks to data integrity and confidentiality. Users are advised to apply the latest security updates from Microsoft to mitigate this risk.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Excel 2016 32-bit Systems 16.0.0.0 < 16.0.5487.1000

Microsoft Office 2019 32-bit Systems 19.0.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Dec 11, 2024