CVE-2025-21356
Published: 14 January 2025
Summary
CVE-2025-21356 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Office Long Term Servicing Channel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 20.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
Microsoft Office Visio contains a remote code execution vulnerability tracked as CVE-2025-21356. The flaw carries a CVSS 3.1 score of 7.8 and is associated with CWE-122 and CWE-843. It affects the Visio component of Microsoft Office and enables an attacker to execute arbitrary code when a user opens a specially crafted file.
An unauthenticated local attacker exploits the issue by supplying a malicious document that the victim must open; this is the user-interaction (UI:R) requirement in the CVSS vector. Successful exploitation gives the attacker full impact on confidentiality, integrity, and availability of the target system and requires no prior privileges.
The official Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21356 contains the latest mitigation guidance and patch information. The associated EPSS score remains low, with a current value of 0.0122 and a peak of 0.0183.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2419
Vulnerability details
Microsoft Office Visio Remote Code Execution Vulnerability
- CWE(s): CWE-122 (Heap-based Buffer Overflow), CWE-843 (Type Confusion)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
This vulnerability is a client-side RCE in Visio triggered by opening a malicious file, which maps directly to T1203 (Exploitation for Client Execution) and T1204.002 (User Execution: Malicious File).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): requires timely patching of the specific heap-based buffer overflow vulnerability in Microsoft Office Visio to prevent exploitation via malicious files.
- SI-16 (Memory Protection): implements memory protection safeguards such as ASLR and DEP that directly mitigate heap-based buffer overflow exploitation during Visio file parsing.
- SI-3 (Malicious Code Protection): deploys malicious code protection mechanisms such as antivirus scanners to block or detect malicious Visio files before user interaction leads to RCE.