Relative Path Traversal Vulnerability in Microsoft Office Access
CVE-2025-62552

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Office 2019; Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc 2021; Microsoft Office Ltsc 2024
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-62552?

A vulnerability in Microsoft Office Access allows an unauthorized attacker to exploit relative path traversal, potentially leading to the execution of arbitrary code on the affected system. This issue highlights the importance of securing applications against unauthorized local execution. Users should ensure their systems are updated to mitigate potential risks.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Access 2016 (32-bit edition) Unknown 16.0.0 < 16.0.5530.1000

Microsoft Access 2016 x64-based Systems 16.0.0 < 16.0.5530.1000

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Oct 15, 2025

JSON