CVE-2025-21363

Name of the Vulnerable Software and Affected Versions Microsoft Word (affected versions not specified) Microsoft Office (affected versions not specified) Microsoft 365 Apps for Enterprise (affected versions not specified)

Description The issue is related to a remote code execution problem in Microsoft Word, associated with the handling of DOCX files and the dereferencing of an uninitialized pointer. This could allow a remote attacker to execute arbitrary code. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For Microsoft Word, update to a version that includes a fix for the uninitialized pointer issue. For Microsoft Office, consider disabling the DOCX file parsing functionality until a patch is available. For Microsoft 365 Apps for Enterprise, restrict access to potentially vulnerable components to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.