Cyber Posture

CVE-2025-21346

High

Published: 14 January 2025

Modified: 01 July 2025
KEV Added: not listed
Patch: see the MSRC advisory linked below
CVSS Score: 7.1 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H)
EPSS Score: 0.0031 (54.1st percentile)
Risk Priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-21346 is a high-severity Protection Mechanism Failure (CWE-693) vulnerability in Microsoft Office. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked in the top 45.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).

Threat & Defense at a Glance

What attackers do: exploitation maps to Malicious File (T1204.002) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated]

SI-2 Flaw Remediation (prevent)
Directly remediates the Microsoft Office security feature bypass vulnerability through timely application of vendor-provided patches as advised by MSRC.

SI-3 Malicious Code Protection (prevent, detect)
Malicious code protection scans Office files upon opening or download to block exploits requiring user interaction with malicious documents.

CM-6 Configuration Settings (prevent)
Enforces hardened configuration settings in Microsoft Office, such as Protected View and macro restrictions, to strengthen security features against bypass.

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1204.002 Malicious File (tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.

T1566.001 Spearphishing Attachment (tactic: Initial Access)
Adversaries may send spearphishing emails with a malicious attachment in an attempt to gain access to victim systems.

Why these techniques?

The vulnerability is a security feature bypass in Microsoft Office exploited via user interaction with a malicious file (directly mapping to T1204.002 Malicious File); the description of tricking the user into opening such a file also plausibly facilitates delivery via T1566.001 Spearphishing Attachment.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Microsoft Office Security Feature Bypass Vulnerability

Deeper analysis [AI-generated]

CVE-2025-21346 is a Security Feature Bypass Vulnerability affecting Microsoft Office. It has a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H) and is associated with CWE-693 (Protection Mechanism Failure) along with NVD-CWE-noinfo.

The vulnerability is exploitable by an attacker with local access to the target system (AV:L) who tricks a user into performing an action such as opening a malicious file: attack complexity is low (AC:L), no privileges are required (PR:N), but user interaction is required (UI:R). Successful exploitation allows the attacker to bypass security features, resulting in high integrity impact (I:H) and high availability impact (A:H), with no confidentiality impact (C:N).

The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21346 provides guidance on mitigations and available patches.

Details

CWE(s): CWE-693 (Protection Mechanism Failure); NVD-CWE-noinfo

Affected Products

Microsoft 365 Apps: all versions
Microsoft Office: 2016, 2019
Microsoft Office Long Term Servicing Channel: 2021, 2024

CVEs Like This One

CVE-2025-21383: same product (Microsoft 365 Apps)
CVE-2025-21356: same product (Microsoft 365 Apps)
CVE-2025-24057: same product (Microsoft 365 Apps)
CVE-2025-24083: same product (Microsoft 365 Apps)
CVE-2025-21345: same product (Microsoft 365 Apps)
CVE-2025-21392: same product (Microsoft 365 Apps)
CVE-2025-21387: same product (Microsoft 365 Apps)
CVE-2025-21394: same product (Microsoft 365 Apps)
CVE-2026-21509: same product (Microsoft 365 Apps)
CVE-2025-54910: same product (Microsoft 365 Apps)

References