CVE-2025-21361
Published: 14 January 2025
Summary
CVE-2025-21361 is a high-severity Improper Restriction of Names for Files and Other Resources (CWE-641) vulnerability in Microsoft Office. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 27.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).
Deeper analysis
CVE-2025-21361 is a Remote Code Execution vulnerability affecting Microsoft Outlook. Published on 2025-01-14, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-641 and NVD-CWE-noinfo.
Exploitation requires local access to the target system, has low attack complexity, needs no special privileges, and depends on user interaction. A local attacker could leverage this to execute arbitrary code, resulting in high impacts to confidentiality, integrity, and availability on the affected system.
The Microsoft Security Response Center provides details on mitigation and patches in its update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21361.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2424
Vulnerability details
Microsoft Outlook Remote Code Execution Vulnerability
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
The CVE describes a client-side RCE vulnerability in Microsoft Outlook requiring local access and user interaction to execute arbitrary code, directly mapping to exploitation of client applications for code execution.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the specific flaw in Microsoft Outlook by requiring timely patching as provided by Microsoft Security Response Center.
Deploys malicious code protection on user devices to scan and block potentially exploitable content in Outlook such as malicious attachments requiring user interaction.
Implements memory protections like DEP and ASLR to mitigate remote code execution exploits even if the Outlook vulnerability is triggered.