Remote Code Execution Vulnerability in Microsoft Office
CVE-2025-24083

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Office 2019
Microsoft 365 Apps For Enterprise
Microsoft Office Ltsc For Mac 2021
Microsoft Office Ltsc 2021
Vendor
CVE Published:
11 March 2025

Summary

An untrusted pointer dereference vulnerability in Microsoft Office can allow an unauthorized attacker to execute arbitrary code locally. This flaw may lead to significant security risks as attackers can exploit it to gain control over an affected system or access sensitive information. Users are encouraged to apply necessary security updates to mitigate potential threats associated with this vulnerability.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office 2016 32-bit Systems 16.0.0 < 16.0.5491.1001

Microsoft Office 2019 32-bit Systems 19.0.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.