CVE-2025-21365
Published: 14 January 2025
Summary
CVE-2025-21365 is a high-severity Untrusted Search Path (CWE-426) vulnerability in Microsoft 365 Apps. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked in the top 27.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).
Deeper analysis
Microsoft Office contains a remote code execution vulnerability tracked as CVE-2025-21365. The flaw carries a CVSS 3.1 score of 7.8 with the vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H and is associated with CWE-426. It affects Microsoft Office components and permits an attacker to execute arbitrary code when specific local conditions are met.
An attacker can exploit the issue by supplying a malicious file or document that a user opens on a vulnerable system. Because the attack requires user interaction but no prior privileges, successful exploitation grants the attacker full control over confidentiality, integrity, and availability on the affected host.
Microsoft has published official guidance and remediation details for CVE-2025-21365 at the Microsoft Security Response Center advisory page. The current EPSS score of 0.0073 with a recorded peak of 0.0103 reflects persistently low exploitation probability since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2428
Vulnerability details
Microsoft Office Remote Code Execution Vulnerability
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is exploited by tricking a user into opening a malicious Office document, which directly maps to T1204.002 Malicious File and results in RCE.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly addresses the vulnerability by requiring timely patching of Microsoft Office to remediate the untrusted search path flaw.
Deploys anti-malware tools to scan and prevent execution of malicious Office documents exploiting the untrusted search path.
Enforces secure configuration settings for Microsoft Office, such as safe DLL search mode, to restrict loading from untrusted paths.