CVE-2025-21354
Published: 14 January 2025
Summary
CVE-2025-21354 is a high-severity Untrusted Pointer Dereference (CWE-822) vulnerability in the Microsoft Office Long Term Servicing Channel. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 19.9% of CVEs by exploit likelihood, but it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
Microsoft Excel is affected by a remote code execution vulnerability, CVE-2025-21354, which carries a CVSS 3.1 base score of 8.4 under the vector AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The issue is classified as CWE-822 (Untrusted Pointer Dereference) and enables arbitrary code execution on affected installations of the spreadsheet application.
An attacker with local access to a vulnerable system can trigger the flaw without credentials or user interaction, with high impact to the confidentiality, integrity, and availability of the host (C:H/I:H/A:H). The attack surface is therefore limited to scenarios where an adversary can already place or invoke malicious content locally.
The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21354 supplies the official remediation details. Exploitation probability has stayed low, with the EPSS score peaking at only 0.0173.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2418
Vulnerability details
Microsoft Excel Remote Code Execution Vulnerability
- CWE(s): CWE-822 (Untrusted Pointer Dereference)
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1203 Exploitation for Client Execution
Why these techniques?
The vulnerability is a client-side RCE in Microsoft Excel that allows arbitrary code execution with no user interaction, which maps directly to Exploitation for Client Execution (T1203).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly remediates the Microsoft Excel RCE vulnerability stemming from CWE-822 untrusted pointer dereference by requiring timely application of vendor patches.
- SI-16 (Memory Protection): implements memory safeguards such as ASLR and DEP that comprehensively mitigate exploitation of an untrusted pointer dereference leading to arbitrary code execution.
- Process isolation: limits the impact of RCE within the Excel instance, containing potential code execution to the application's execution domain.