Out-of-Bounds Read Vulnerability in Microsoft Office
CVE-2025-26642

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Office Online Server; Microsoft Sharepoint Server 2019; Microsoft Office 2019; Microsoft 365 Apps For Enterprise
Vendor: CVE Published:; 8 April 2025

What is CVE-2025-26642?

Microsoft Office is susceptible to an out-of-bounds read vulnerability, which permits unauthorized attackers to execute arbitrary code locally. This flaw could lead to data exposure and system compromise, making it critical for users to apply the latest security updates and patches. The vulnerability emphasizes the importance of maintaining up-to-date software to mitigate risks.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Access 2016 (32-bit edition) Unknown 16.0.0 < 16.0.5495.1000

Microsoft Access 2016 x64-based Systems 16.0.0 < 16.0.5495.1000

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Feb 12, 2025