Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21390

7.8HIGH

Key Information:

Summary

A vulnerability in Microsoft Excel allows an attacker to execute arbitrary code on the affected system when a user opens a specially crafted Excel file. This security flaw can lead to unauthorized access and potential system compromise, making it essential for users to apply relevant security patches and exercise caution when handling unfamiliar documents.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Excel 2016 32-bit Systems 16.0.0.0 < 16.0.5487.1000

Microsoft Office 2019 32-bit Systems 19.0.0

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.