Cyber Resilience

CVE-2025-21383

High

Published: 11 February 2025

Published
11 February 2025
Modified
01 July 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0034 57.3th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21383 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Microsoft Office Long Term Servicing Channel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked in the top 42.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2025-21383 is an information disclosure vulnerability in Microsoft Excel, stemming from CWE-125 (Out-of-bounds Read). It affects Microsoft Excel as part of the Microsoft Office suite, with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The vulnerability was published on 2025-02-11.

An attacker with local access can exploit this vulnerability by tricking a user into performing an action, such as opening a malicious Excel file, due to the low attack complexity and requirement for user interaction but no special privileges. Successful exploitation allows the attacker to achieve high impacts across confidentiality, integrity, and availability, potentially disclosing sensitive information, modifying data, or disrupting system resources.

The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21383 recommends applying the available security updates to mitigate the vulnerability, as detailed in the update guide.

EU & UK References

Vulnerability details

Microsoft Excel Information Disclosure Vulnerability

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
T1566.001 Spearphishing Attachment Initial Access
Adversaries may send spearphishing emails with a malicious attachment in an attempt to gain access to victim systems.
Why these techniques?

Vulnerability exploited by tricking user into opening malicious Excel file (T1204.002), commonly delivered via spearphishing attachment (T1566.001); out-of-bounds read enables info disclosure and high impact on client system.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-20946Same product: Microsoft 365 Apps
CVE-2025-21387Same product: Microsoft 365 Apps
CVE-2025-21394Same product: Microsoft 365 Apps
CVE-2026-40360Same product: Microsoft 365 Apps
CVE-2026-26109Same product: Microsoft 365 Apps
CVE-2025-21346Same product: Microsoft 365 Apps
CVE-2026-20944Same product: Microsoft 365 Apps
CVE-2025-21381Same product: Microsoft 365 Apps
CVE-2026-40362Same product: Microsoft 365 Apps
CVE-2025-24082Same product: Microsoft 365 Apps

Affected Assets

microsoft
365 apps
all versions
microsoft
excel
2016
microsoft
office
2019
microsoft
office long term servicing channel
2021, 2024

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates CVE-2025-21383 by requiring identification, prioritization, and timely remediation of the out-of-bounds read flaw through application of Microsoft security updates.

preventdetect

Deploys anti-malware scanning at system entry points to detect and block malicious Excel files exploiting the out-of-bounds read vulnerability.

prevent

Establishes and enforces secure configuration settings for Microsoft Excel, such as Protected View and disabled legacy features, to prevent exploitation upon opening malicious files.

References