CVE-2025-21345
Published: 14 January 2025
Summary
CVE-2025-21345 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Office Long Term Servicing Channel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). It ranks in the top 21.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-21345 is a remote code execution vulnerability in Microsoft Office Visio, tracked under CWE-416 for use-after-free conditions. It carries a CVSS 3.1 base score of 7.8 reflecting local attack vector, low complexity, no required privileges, and required user interaction, with high impact on confidentiality, integrity, and availability.
An attacker can exploit the flaw by supplying a malicious Visio document that a victim opens locally; successful exploitation grants arbitrary code execution in the context of the current user without needing elevated rights.
Microsoft publishes mitigation and patch details for this issue in its Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21345. The associated EPSS score remains low, with a current value of 0.0114 and a peak of 0.0199.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2410
Vulnerability details
Microsoft Office Visio Remote Code Execution Vulnerability
- CWE(s): CWE-416 (Use After Free)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
This client-side RCE vulnerability in Microsoft Visio requires user interaction to open a malicious file (UI:R, AV:L) and directly enables arbitrary code execution, mapping to Exploitation for Client Execution (T1203) and User Execution via Malicious File (T1204.002).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly remediates the Use After Free vulnerability by requiring timely installation of Microsoft patches for affected Visio versions.
- SI-16 (Memory Protection): implements memory safeguards such as DEP and ASLR to protect against code execution exploits stemming from the Visio Use After Free flaw.
- SI-3 (Malicious Code Protection): deploys malicious code protection to scan and block malicious Visio files that could trigger the remote code execution vulnerability.
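Checking that the memory protections named above are actually enforced for the Visio image, as an added PowerShell example that is not part of this advisory. It uses the built-in ProcessMitigations cmdlets (Windows 10 1709+ / Server 2019+, elevated shell) and assumes the executable name VISIO.EXE.

```powershell
# Added example, not from the advisory: verify and enforce DEP / mandatory ASLR for Visio
# through the Windows per-image process mitigation policy.
# Assumption: the Visio process image is named VISIO.EXE.
$image = 'VISIO.EXE'

# Effective policy for the image (per-image registry settings merged with system defaults).
$policy = Get-ProcessMitigation -Name $image

# Report the controls SI-16 calls out: DEP and ASLR (mandatory relocation plus bottom-up randomisation).
[pscustomobject]@{
    Image               = $image
    DEP                 = $policy.DEP.Enable
    ForceRelocateImages = $policy.ASLR.ForceRelocateImages
    BottomUpASLR        = $policy.ASLR.BottomUp
}

# Enforce them when either is not ON. Mandatory ASLR relocates add-in DLLs not built with
# /DYNAMICBASE, so validate on a pilot machine before rolling the policy out broadly.
if ($policy.DEP.Enable -ne 'ON' -or $policy.ASLR.ForceRelocateImages -ne 'ON') {
    Set-ProcessMitigation -Name $image -Enable DEP, ForceRelocateImages, BottomUp
}
```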