Microsoft Excel Spreadsheet Software
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Excel.
Recent Microsoft Excel Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2025-49711 | CVE-2025-49711 Microsoft Excel Remote Code Execution Vulnerability | July 8, 2025 |
| CVE-2025-48812 | CVE-2025-48812 Microsoft Excel Information Disclosure Vulnerability | July 8, 2025 |
| CVE-2025-47174 | CVE-2025-47174 Microsoft Excel Remote Code Execution Vulnerability | June 10, 2025 |
| CVE-2025-47165 | CVE-2025-47165 Microsoft Excel Remote Code Execution Vulnerability | June 10, 2025 |
| CVE-2025-32704 | CVE-2025-32704 Microsoft Excel Remote Code Execution Vulnerability | May 13, 2025 |
| CVE-2025-30393 | CVE-2025-30393 Microsoft Excel Remote Code Execution Vulnerability | May 13, 2025 |
| CVE-2025-30383 | CVE-2025-30383 Microsoft Excel Remote Code Execution Vulnerability | May 13, 2025 |
| CVE-2025-30381 | CVE-2025-30381 Microsoft Excel Remote Code Execution Vulnerability | May 13, 2025 |
| CVE-2025-30379 | CVE-2025-30379 Microsoft Excel Remote Code Execution Vulnerability | May 13, 2025 |
| CVE-2025-30376 | CVE-2025-30376 Microsoft Excel Remote Code Execution Vulnerability | May 13, 2025 |
Known Exploited Microsoft Excel Vulnerabilities
The following Microsoft Excel vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Microsoft Excel Remote Code Execution Vulnerability |
A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory. CVE-2019-1297 Exploit Probability: 56.8% |
March 3, 2022 |
| Microsoft Office Security Feature Bypass Vulnerability |
A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands. CVE-2016-7262 Exploit Probability: 85.2% |
March 3, 2022 |
| Microsoft Excel Featheader Record Memory Corruption Vulnerability |
Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset. CVE-2009-3129 Exploit Probability: 89.0% |
March 3, 2022 |
Of the known exploited vulnerabilities above, 2 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. The vulnerability CVE-2019-1297: Microsoft Excel Remote Code Execution Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.
By the Year
In 2025 there have been 23 vulnerabilities in Microsoft Excel with an average score of 7.7 out of ten. Last year, in 2024 Excel had 11 security vulnerabilities published. That is, 12 more vulnerabilities have already been reported in 2025 as compared to last year. Last year, the average CVE base score was greater by 0.01
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 23 | 7.73 |
| 2024 | 11 | 7.74 |
| 2023 | 8 | 7.43 |
| 2022 | 10 | 7.49 |
| 2021 | 28 | 7.47 |
| 2020 | 32 | 7.86 |
| 2019 | 11 | 7.51 |
| 2018 | 22 | 7.23 |
It may take a day or so for new Excel vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Excel Security Vulnerabilities
Use after free in Microsoft Office Excel
CVE-2025-47165
7.8 - High
- June 10, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel
CVE-2025-30383
7.8 - High
- May 13, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Object Type Confusion
Buffer over-read in Microsoft Office Excel
CVE-2025-32704
7.8 - High
- May 13, 2025
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Out-of-bounds Read
Heap-based buffer overflow in Microsoft Office Excel
CVE-2025-30376
7.8 - High
- May 13, 2025
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Memory Corruption
Use after free in Microsoft Office
CVE-2025-30377
7.8 - High
- May 13, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Release of invalid pointer or reference in Microsoft Office Excel
CVE-2025-30379
7.8 - High
- May 13, 2025
Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Release of Invalid Pointer or Reference
Out-of-bounds read in Microsoft Office Excel
CVE-2025-30381
7.8 - High
- May 13, 2025
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Out-of-bounds Read
Use after free in Microsoft Office Excel
CVE-2025-29977
7.8 - High
- May 13, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Heap-based buffer overflow in Microsoft Office Excel
CVE-2025-29979
7.8 - High
- May 13, 2025
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Memory Corruption
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel
CVE-2025-30375
7.8 - High
- May 13, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Object Type Confusion
Use after free in Microsoft Office Excel
CVE-2025-27750
7.8 - High
- April 08, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Use after free in Microsoft Office Excel
CVE-2025-27751
7.8 - High
- April 08, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Out-of-bounds read in Microsoft Office
CVE-2025-26642
7.8 - High
- April 08, 2025
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
Out-of-bounds Read
Stack-based buffer overflow in Microsoft Office Excel
CVE-2025-24075
7.8 - High
- March 11, 2025
Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Stack Overflow
Use after free in Microsoft Office Excel
CVE-2025-24081
7.8 - High
- March 11, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Use after free in Microsoft Office Excel
CVE-2025-24082
7.8 - High
- March 11, 2025
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21381
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Untrusted Pointer Dereference
Microsoft Excel Information Disclosure Vulnerability
CVE-2025-21383
5.5 - Medium
- February 11, 2025
Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds Read
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21386
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21390
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21394
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21387
7.8 - High
- February 11, 2025
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-21362
8.4 - High
- January 14, 2025
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Library Injection Vulnerability on macOS
CVE-2024-43106
7.1 - High
- December 18, 2024
A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted library can leverage Excel's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
Improper Verification of Cryptographic Signature
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49069
7.8 - High
- December 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49026
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Command Injection
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49027
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49028
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Out-of-bounds Read
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49029
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Use of Uninitialized Resource
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49030
7.8 - High
- November 12, 2024
Microsoft Excel Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-43504
7.8 - High
- October 08, 2024
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Elevation of Privilege Vulnerability
CVE-2024-43465
7.8 - High
- September 10, 2024
Microsoft Excel Elevation of Privilege Vulnerability
Dangling pointer
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-30042
7.8 - High
- May 14, 2024
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-20673
7.8 - High
- February 13, 2024
Microsoft Office Remote Code Execution Vulnerability
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2023-36037
7.8 - High
- November 14, 2023
Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-36041
7.8 - High
- November 14, 2023
Microsoft Excel Remote Code Execution Vulnerability
Dangling pointer
Microsoft Excel Information Disclosure Vulnerability
CVE-2023-36766
5.5 - Medium
- September 12, 2023
Microsoft Excel Information Disclosure Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-32029
7.8 - High
- June 14, 2023
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-33133
7.8 - High
- June 14, 2023
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-24953
7.8 - High
- May 09, 2023
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-23399
7.8 - High
- March 14, 2023
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Spoofing Vulnerability
CVE-2023-23398
7.1 - High
- March 14, 2023
Microsoft Excel Spoofing Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-41063
7.8 - High
- November 09, 2022
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-41106
8.8 - High
- November 09, 2022
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2022-41104
5.5 - Medium
- November 09, 2022
Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2022-33631
7.3 - High
- August 09, 2022
Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-30173
7.8 - High
- June 15, 2022
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-29110
7.8 - High
- May 10, 2022
Microsoft Excel Remote Code Execution Vulnerability
Windows Graphics Component Remote Code Execution Vulnerability
CVE-2022-26903
7.8 - High
- April 15, 2022
Windows Graphics Component Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-26901
7.8 - High
- April 15, 2022
Microsoft Excel Remote Code Execution Vulnerability
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Office Web Apps Server or by Microsoft? Click the Watch button to subscribe.
