Multiple vulnerabilities in Microsoft Office

Description

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, spoof user interface, gain privileges.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Microsoft Excel can be exploited remotely to execute arbitrary code.
2. A remote code execution vulnerability in Microsoft Office Visio can be exploited remotely to execute arbitrary code.
3. A remote code execution vulnerability in Microsoft SharePoint Server can be exploited remotely to execute arbitrary code.
4. A security feature bypass vulnerability in Microsoft Excel can be exploited remotely to bypass security restrictions.
5. A remote code execution vulnerability in Microsoft Office OneNote can be exploited remotely to execute arbitrary code.
6. A spoofing vulnerability in Microsoft SharePoint Server can be exploited remotely to spoof user interface.
7. A security feature bypass vulnerability in Microsoft Office can be exploited remotely to bypass security restrictions.
8. A remote code execution vulnerability in Microsoft Access can be exploited remotely to execute arbitrary code.
9. An elevation of privilege vulnerability in Microsoft AutoUpdate (MAU) can be exploited remotely to gain privileges.
10. A remote code execution vulnerability in Microsoft Outlook can be exploited remotely to execute arbitrary code.
11. A remote code execution vulnerability in GDI+ can be exploited remotely to execute arbitrary code.
12. A remote code execution vulnerability in Microsoft Office can be exploited remotely to execute arbitrary code.
13. A remote code execution vulnerability in Microsoft Word can be exploited remotely to execute arbitrary code.

Fiches de renseignement originales

• CVE-2025-21354

• CVE-2025-21356
• CVE-2025-21345
• CVE-2025-21344
• CVE-2025-21364
• CVE-2025-21402
• CVE-2025-21393
• CVE-2025-21348
• CVE-2025-21346
• CVE-2025-21362
• CVE-2025-21395
• CVE-2025-21360
• CVE-2025-21361
• CVE-2025-21338
• CVE-2025-21357
• CVE-2025-21366
• CVE-2025-21365
• CVE-2025-21363
• CVE-2025-21186

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Produits associés

• Microsoft-Access
• Microsoft-Office
• Microsoft-Outlook
• Microsoft-Excel
• Microsoft-SharePoint

Liste CVE

• CVE-2025-21338
  critical
• CVE-2025-21354
  critical
• CVE-2025-21356
  critical
• CVE-2025-21345
  critical
• CVE-2025-21344
  critical
• CVE-2025-21364
  critical
• CVE-2025-21402
  critical
• CVE-2025-21393
  high
• CVE-2025-21348
  high
• CVE-2025-21346
  critical
• CVE-2025-21362
  critical
• CVE-2025-21395
  critical
• CVE-2025-21360
  critical
• CVE-2025-21361
  critical
• CVE-2025-21357
  high
• CVE-2025-21366
  critical
• CVE-2025-21365
  critical
• CVE-2025-21363
  critical
• CVE-2025-21186
  critical

Liste KB

• 5002671
• 5002675
• 5002667
• 5002595
• 5002656
• 5002670
• 5002666
• 5002673
• 5002672
• 5002677
• 5002676
• 5002688

En savoir plus

Découvrez les statistiques de la propagation des vulnérabilités dans votre région statistics.securelist.com