CVE-2021-27059

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 11 March 2021
Modified: 30 October 2025
KEV Added: 03 November 2021
Patch: available (Microsoft Security Response Center advisory)
CVSS Score v3.1: 7.6 (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0276 (86.3rd percentile)
Risk Priority: 37 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-27059 is a high-severity vulnerability in Microsoft Office whose weakness type (CWE) has not been specified. Its CVSS base score is 7.6 (High).

Operationally, it ranks in the top 13.7% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2021-27059 is a remote code execution vulnerability affecting Microsoft Office. It carries a CVSS 3.1 base score of 7.6 with the vector AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H: the attack is network-reachable but requires high attack complexity, high privileges, and user interaction, and a successful exploit has high impact on confidentiality, integrity, and availability with a scope change (the compromised component can affect resources beyond its own security authority).

An attacker meeting the privilege and interaction prerequisites can leverage the flaw to execute arbitrary code on an affected system, potentially compromising the confidentiality, integrity, and availability of data across security boundaries.

Microsoft has published remediation guidance through its Security Response Center advisory, and the vulnerability appears in CISA's catalog of known exploited vulnerabilities, confirming real-world exploitation activity.

Vulnerability details

Microsoft Office Remote Code Execution Vulnerability

CWE(s): none listed
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: microsoft
Product: office
Versions: 2010, 2013, 2016

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent (SI-2, Flaw Remediation): Directly requires timely application of the Microsoft patches that remediate CVE-2021-27059 before exploitation can succeed.

prevent (AC-6, Least Privilege): Enforces least-privilege execution so that the high privileges the CVSS vector requires (PR:H) are not available to the Office process, limiting what a successful Office RCE can reach.

prevent: Restricts Office functionality (e.g., macros, embedded objects) that an attacker must abuse to trigger the RCE after user interaction.
