CVE-2025-21186
Published: 14 January 2025
Summary
CVE-2025-21186 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Office Long Term Servicing Channel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 20.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
Microsoft Access contains a remote code execution vulnerability tracked as CVE-2025-21186. The flaw, assigned a CVSS 7.8 rating with an attack vector of local access, low complexity, no privileges required, and required user interaction, stems from a heap-based buffer overflow (CWE-122) that can allow arbitrary code to run when a crafted database file is processed.
An attacker can exploit the issue by supplying a malicious Access file to a target user, for example via email or a shared location. Successful exploitation grants the attacker the ability to execute code with the privileges of the current user, potentially leading to full control over confidentiality, integrity, and availability of the affected system.
Microsoft has published an advisory and corresponding security update for the vulnerability at the Microsoft Security Response Center. Administrators should apply the official patch and follow the guidance provided in the update to mitigate the risk.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2265
Vulnerability details
Microsoft Access Remote Code Execution Vulnerability
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Heap buffer overflow in Microsoft Access enables client-side RCE when a user opens a malicious file (T1204.002), directly mapping to exploitation for client execution (T1203).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SI-2 requires timely remediation of flaws, directly addressing the heap-based buffer overflow in Microsoft Access by applying vendor patches to prevent exploitation via malicious files.
SI-16 enforces memory protections like ASLR and DEP, which mitigate heap-based buffer overflow exploits allowing arbitrary code execution in Microsoft Access.
SI-3 deploys malicious code protection tools to scan and block malicious Access files before user interaction triggers the remote code execution vulnerability.