CVE-2025-21362

High

Published: 14 January 2025

Published

14 January 2025

Modified

01 July 2025

KEV Added

—

Patch

—

CVSS Score 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0063 70.4th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21362 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Office Long Term Servicing Channel. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 29.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Flaw remediation directly prevents exploitation of CVE-2025-21362 by requiring timely application of Microsoft's security update for the use-after-free vulnerability in Excel.

SI-16 Memory Protection partial match

prevent

Memory protection techniques like ASLR, DEP, and control flow guard mitigate exploitation of the use-after-free error in Excel by complicating arbitrary code execution.

RA-5 Vulnerability Monitoring and Scanning partial match

detect

Vulnerability scanning and monitoring identifies the presence of CVE-2025-21362 in deployed Excel instances, enabling targeted remediation.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

Why these techniques?

Use-after-free vulnerability in Microsoft Excel enabling arbitrary code execution in the client application context directly maps to Exploitation for Client Execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Microsoft Excel Remote Code Execution Vulnerability

Deeper analysisAI

CVE-2025-21362 is a remote code execution vulnerability affecting Microsoft Excel. It stems from a use-after-free error (CWE-416) and carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The vulnerability was published on January 14, 2025.

An attacker with local access to the target system can exploit this vulnerability with low complexity and no required privileges or user interaction. Successful exploitation allows the attacker to achieve high-impact remote code execution, potentially compromising confidentiality, integrity, and availability by executing arbitrary code in the context of the Excel process.

Microsoft's Security Response Center provides detailed guidance and patch information in their update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21362, recommending affected users apply the available security updates to mitigate the issue.

Details

CWE(s): CWE-416 NVD-CWE-noinfo

Affected Products

microsoft

365 apps

all versions

microsoft

excel

2016

microsoft

office

2019

microsoft

office long term servicing channel

2021, 2024

microsoft

office online server

≤ 16.0.10416.20047

CVEs Like This One

CVE-2025-24081Same product: Microsoft 365 Apps

CVE-2025-21386Same product: Microsoft 365 Apps

CVE-2026-20950Same product: Microsoft 365 Apps

CVE-2025-24082Same product: Microsoft 365 Apps

CVE-2026-26107Same product: Microsoft 365 Apps

CVE-2026-20952Same product: Microsoft 365 Apps

CVE-2025-62557Same product: Microsoft 365 Apps

CVE-2025-49695Same product: Microsoft 365 Apps

CVE-2025-24080Same product: Microsoft 365 Apps

CVE-2025-53731Same product: Microsoft 365 Apps

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21362
Patch, Vendor Advisory · secure@microsoft.com