
CVE-2023-21715

Severity: High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 14 February 2023
Modified: 30 October 2025
KEV Added: 14 February 2023
Patch: vendor patch available
CVSS Score (v3.1): 7.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0048 (65.6th percentile)
Risk Priority: 35 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-21715 is a high-severity Incorrect Authorization (CWE-863) vulnerability in Microsoft 365 Apps. Its CVSS base score is 7.3 (High).

Operationally, it ranks in the top 34.4% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2023-21715 is a security feature bypass vulnerability in Microsoft Publisher, tracked under CWE-863 (Incorrect Authorization). It carries a CVSS 3.1 base score of 7.3: the attack vector is local, attack complexity is low, low privileges are required, and user interaction is required, with high impact to confidentiality, integrity, and availability.

An attacker with local access and limited privileges can exploit the flaw after a user interacts with a crafted Publisher document, bypassing intended security controls to achieve full compromise of the affected system.

Microsoft has published remediation guidance through its Security Response Center update guide, and the vulnerability appears in CISA's catalog of known exploited vulnerabilities.

EPSS for the issue rose from a low baseline to a peak of 0.0151 on 2023-03-07 before receding, indicating a temporary increase in observed exploitation interest following public disclosure.

Vulnerability details

Title: Microsoft Publisher Security Feature Bypass Vulnerability
CWE(s): CWE-863 (Incorrect Authorization)
KEV Date Added: 14 February 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: Microsoft
Product: 365 Apps
Versions: all versions

Mitigating Controls (NIST 800-53 r5)

AC-3 (Access Enforcement), control type: prevent. Directly enforces correct authorization decisions to block the security feature bypass described in CWE-863 for this Publisher vulnerability.

SI-2 (Flaw Remediation), control type: prevent. Requires prompt application of the vendor patch that eliminates the authorization flaw being actively exploited per CISA KEV.

Least-privilege enforcement (control ID not listed), control type: prevent. Limits the privileges available to the low-privileged local attacker, reducing the impact of a successful bypass of Publisher protections.
