PT-2025-6322 · Microsoft · Office+2

0X140Ce · Published 2025-02-11 · Updated 2025-07-01 · CVE-2025-21381

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft Excel versions (affected versions not specified)
Microsoft 365 Apps versions (affected versions not specified)
Microsoft Office versions (affected versions not specified)
Microsoft Office Online Server versions (affected versions not specified)

Description

The issue allows remote attackers to execute arbitrary code and affect the system. It is related to the exploitation of a dangling pointer in the Microsoft Office, Excel, and 365 Apps for Enterprise packages.

Recommendations

For Microsoft Excel, update to a version that includes a fix for this issue.
For Microsoft 365 Apps, apply configuration changes to restrict the exploitation of the vulnerable component until a patch is available.
For Microsoft Office, consider disabling the vulnerable function temporarily to minimize the risk of exploitation.
For Microsoft Office Online Server, restrict access to the vulnerable module to prevent exploitation.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Untrusted Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2025-01553
CVE-2025-21381

Affected Products

365 Apps For Enterprise
Office Excel
Office