Remote Code Execution Vulnerability in Microsoft Office
CVE-2025-62557

8.4HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Office Ltsc 2024; Microsoft 365 Apps For Enterprise; Microsoft Office 2016; Microsoft Office 2019
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-62557?

A vulnerability in Microsoft Office enables an unauthorized attacker to execute arbitrary code locally on affected systems. This flaw arises from improper handling of memory within the software, which can be exploited to gain control over the application. Users are advised to apply the latest security updates to mitigate risks associated with this vulnerability.

Affected Version(s)

Microsoft 365 Apps for Enterprise x64-based Systems 16.0.1

Microsoft Office 2016 32-bit Systems 16.0.0 < 16.0.5530.1001

Microsoft Office 2019 32-bit Systems 19.0.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Oct 15, 2025

JSON