Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21390
7.8HIGH
Key Information:
- Vendor
- Microsoft
- Status
- Vendor
- CVE Published:
- 11 February 2025
Summary
A vulnerability in Microsoft Excel allows an attacker to execute arbitrary code on the affected system when a user opens a specially crafted Excel file. This security flaw can lead to unauthorized access and potential system compromise, making it essential for users to apply relevant security patches and exercise caution when handling unfamiliar documents.
Affected Version(s)
Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1
Microsoft Excel 2016 32-bit Systems 16.0.0.0 < 16.0.5487.1000
Microsoft Office 2019 32-bit Systems 19.0.0
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved