CVE-2025-21395
Published: 14 January 2025
Summary
CVE-2025-21395 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Office Long Term Servicing Channel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 16.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
Microsoft Access contains a remote code execution vulnerability, CVE-2025-21395, caused by a heap-based buffer overflow. The issue affects the Microsoft Access component and received a CVSS 3.1 score of 7.8, reflecting a local attack vector, low complexity, no required privileges, and required user interaction.
An attacker with the ability to supply a malicious file can trigger the flaw when the victim opens it in Access. Successful exploitation grants arbitrary code execution with full impact on confidentiality, integrity, and availability of the affected system.
The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21395 describes available patches and mitigation guidance. EPSS scores have remained low, with a current value of 0.0186 and a peak of only 0.0206.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2456
Vulnerability details
Microsoft Access Remote Code Execution Vulnerability
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Client-side RCE in Microsoft Access via malicious file requiring user interaction directly enables T1203 (Exploitation for Client Execution) and T1204.002 (Malicious File).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- Directly remediates the Microsoft Access heap-based buffer overflow vulnerability by requiring timely identification, reporting, and patching of flaws like CVE-2025-21395.
- Implements memory protections such as DEP, ASLR, and stack canaries that directly mitigate unauthorized code execution from heap buffer overflows (CWE-122) in Microsoft Access.
- Deploys anti-malware tools to scan and block malicious Access files or detect code execution attempts exploiting the vulnerability.