PT-2025-20991 · Microsoft · Office Excel
Wh1Tc +1
Published: 2025-05-13 · Updated: 2025-05-19
CVE-2025-30381
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Microsoft Office Excel versions 2016 through 2024
Microsoft Office Excel version 365
Description
The issue is an out-of-bounds read in Microsoft Office Excel that allows an unauthorized attacker to execute code locally. Remote attackers can use it to execute arbitrary code and affect the system. The vulnerability is caused by the release of an invalid pointer or reference in Microsoft Excel.
Recommendations
For Microsoft Office Excel versions 2016 through 2024, apply the patch in the May 2025 update: KB5002695.
For Microsoft Office Excel version 365, apply the patch in the May 2025 update: KB5002695.
As a temporary workaround, consider restricting the use of Microsoft Excel until a patch is applied.
Fix
RCE
Out of bounds Read
Untrusted Pointer Dereference
Deserialization of Untrusted Data
Related Identifiers
Affected Products
Office Excel