Excel Microsoft Excel Spreadsheet Software

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Excel.

Recent Microsoft Excel Security Advisories

Advisory Title Published
CVE-2025-49711 CVE-2025-49711 Microsoft Excel Remote Code Execution Vulnerability July 8, 2025
CVE-2025-48812 CVE-2025-48812 Microsoft Excel Information Disclosure Vulnerability July 8, 2025
CVE-2025-47174 CVE-2025-47174 Microsoft Excel Remote Code Execution Vulnerability June 10, 2025
CVE-2025-47165 CVE-2025-47165 Microsoft Excel Remote Code Execution Vulnerability June 10, 2025
CVE-2025-32704 CVE-2025-32704 Microsoft Excel Remote Code Execution Vulnerability May 13, 2025
CVE-2025-30393 CVE-2025-30393 Microsoft Excel Remote Code Execution Vulnerability May 13, 2025
CVE-2025-30383 CVE-2025-30383 Microsoft Excel Remote Code Execution Vulnerability May 13, 2025
CVE-2025-30381 CVE-2025-30381 Microsoft Excel Remote Code Execution Vulnerability May 13, 2025
CVE-2025-30379 CVE-2025-30379 Microsoft Excel Remote Code Execution Vulnerability May 13, 2025
CVE-2025-30376 CVE-2025-30376 Microsoft Excel Remote Code Execution Vulnerability May 13, 2025

Known Exploited Microsoft Excel Vulnerabilities

The following Microsoft Excel vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Microsoft Excel Remote Code Execution Vulnerability A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory.
CVE-2019-1297 Exploit Probability: 56.8%
March 3, 2022
Microsoft Office Security Feature Bypass Vulnerability A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands.
CVE-2016-7262 Exploit Probability: 85.2%
March 3, 2022
Microsoft Excel Featheader Record Memory Corruption Vulnerability Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset.
CVE-2009-3129 Exploit Probability: 89.0%
March 3, 2022

Of the known exploited vulnerabilities above, 2 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. The vulnerability CVE-2019-1297: Microsoft Excel Remote Code Execution Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.

By the Year

In 2025 there have been 23 vulnerabilities in Microsoft Excel with an average score of 7.7 out of ten. Last year, in 2024 Excel had 11 security vulnerabilities published. That is, 12 more vulnerabilities have already been reported in 2025 as compared to last year. Last year, the average CVE base score was greater by 0.01




Year Vulnerabilities Average Score
2025 23 7.73
2024 11 7.74
2023 8 7.43
2022 10 7.49
2021 28 7.47
2020 32 7.86
2019 11 7.51
2018 22 7.23

It may take a day or so for new Excel vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Excel Security Vulnerabilities

Use after free in Microsoft Office Excel

CVE-2025-47165 7.8 - High - June 10, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel

CVE-2025-30383 7.8 - High - May 13, 2025

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Object Type Confusion

Buffer over-read in Microsoft Office Excel

CVE-2025-32704 7.8 - High - May 13, 2025

Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Out-of-bounds Read

Heap-based buffer overflow in Microsoft Office Excel

CVE-2025-30376 7.8 - High - May 13, 2025

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Memory Corruption

Use after free in Microsoft Office

CVE-2025-30377 7.8 - High - May 13, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Release of invalid pointer or reference in Microsoft Office Excel

CVE-2025-30379 7.8 - High - May 13, 2025

Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Release of Invalid Pointer or Reference

Out-of-bounds read in Microsoft Office Excel

CVE-2025-30381 7.8 - High - May 13, 2025

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Out-of-bounds Read

Use after free in Microsoft Office Excel

CVE-2025-29977 7.8 - High - May 13, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Heap-based buffer overflow in Microsoft Office Excel

CVE-2025-29979 7.8 - High - May 13, 2025

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Memory Corruption

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel

CVE-2025-30375 7.8 - High - May 13, 2025

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Object Type Confusion

Use after free in Microsoft Office Excel

CVE-2025-27750 7.8 - High - April 08, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Use after free in Microsoft Office Excel

CVE-2025-27751 7.8 - High - April 08, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Out-of-bounds read in Microsoft Office

CVE-2025-26642 7.8 - High - April 08, 2025

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

Out-of-bounds Read

Stack-based buffer overflow in Microsoft Office Excel

CVE-2025-24075 7.8 - High - March 11, 2025

Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Stack Overflow

Use after free in Microsoft Office Excel

CVE-2025-24081 7.8 - High - March 11, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Use after free in Microsoft Office Excel

CVE-2025-24082 7.8 - High - March 11, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-21381 7.8 - High - February 11, 2025

Microsoft Excel Remote Code Execution Vulnerability

Untrusted Pointer Dereference

Microsoft Excel Information Disclosure Vulnerability

CVE-2025-21383 5.5 - Medium - February 11, 2025

Microsoft Excel Information Disclosure Vulnerability

Out-of-bounds Read

Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-21386 7.8 - High - February 11, 2025

Microsoft Excel Remote Code Execution Vulnerability

Dangling pointer

Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-21390 7.8 - High - February 11, 2025

Microsoft Excel Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-21394 7.8 - High - February 11, 2025

Microsoft Excel Remote Code Execution Vulnerability

Dangling pointer

Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-21387 7.8 - High - February 11, 2025

Microsoft Excel Remote Code Execution Vulnerability

Dangling pointer

Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-21362 8.4 - High - January 14, 2025

Microsoft Excel Remote Code Execution Vulnerability

Dangling pointer

Microsoft Excel Library Injection Vulnerability on macOS

CVE-2024-43106 7.1 - High - December 18, 2024

A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted library can leverage Excel's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.

Improper Verification of Cryptographic Signature

Microsoft Excel Remote Code Execution Vulnerability

CVE-2024-49069 7.8 - High - December 12, 2024

Microsoft Excel Remote Code Execution Vulnerability

Dangling pointer

Microsoft Excel Remote Code Execution Vulnerability

CVE-2024-49026 7.8 - High - November 12, 2024

Microsoft Excel Remote Code Execution Vulnerability

Command Injection

Microsoft Excel Remote Code Execution Vulnerability

CVE-2024-49027 7.8 - High - November 12, 2024

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2024-49028 7.8 - High - November 12, 2024

Microsoft Excel Remote Code Execution Vulnerability

Out-of-bounds Read

Microsoft Excel Remote Code Execution Vulnerability

CVE-2024-49029 7.8 - High - November 12, 2024

Microsoft Excel Remote Code Execution Vulnerability

Use of Uninitialized Resource

Microsoft Excel Remote Code Execution Vulnerability

CVE-2024-49030 7.8 - High - November 12, 2024

Microsoft Excel Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Microsoft Excel Remote Code Execution Vulnerability

CVE-2024-43504 7.8 - High - October 08, 2024

Microsoft Excel Remote Code Execution Vulnerability

Dangling pointer

Microsoft Excel Elevation of Privilege Vulnerability

CVE-2024-43465 7.8 - High - September 10, 2024

Microsoft Excel Elevation of Privilege Vulnerability

Dangling pointer

Microsoft Excel Remote Code Execution Vulnerability

CVE-2024-30042 7.8 - High - May 14, 2024

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Office Remote Code Execution Vulnerability

CVE-2024-20673 7.8 - High - February 13, 2024

Microsoft Office Remote Code Execution Vulnerability

Microsoft Excel Security Feature Bypass Vulnerability

CVE-2023-36037 7.8 - High - November 14, 2023

Microsoft Excel Security Feature Bypass Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2023-36041 7.8 - High - November 14, 2023

Microsoft Excel Remote Code Execution Vulnerability

Dangling pointer

Microsoft Excel Information Disclosure Vulnerability

CVE-2023-36766 5.5 - Medium - September 12, 2023

Microsoft Excel Information Disclosure Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2023-32029 7.8 - High - June 14, 2023

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2023-33133 7.8 - High - June 14, 2023

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2023-24953 7.8 - High - May 09, 2023

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2023-23399 7.8 - High - March 14, 2023

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Spoofing Vulnerability

CVE-2023-23398 7.1 - High - March 14, 2023

Microsoft Excel Spoofing Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2022-41063 7.8 - High - November 09, 2022

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2022-41106 8.8 - High - November 09, 2022

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Security Feature Bypass Vulnerability

CVE-2022-41104 5.5 - Medium - November 09, 2022

Microsoft Excel Security Feature Bypass Vulnerability

Microsoft Excel Security Feature Bypass Vulnerability

CVE-2022-33631 7.3 - High - August 09, 2022

Microsoft Excel Security Feature Bypass Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2022-30173 7.8 - High - June 15, 2022

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2022-29110 7.8 - High - May 10, 2022

Microsoft Excel Remote Code Execution Vulnerability

Windows Graphics Component Remote Code Execution Vulnerability

CVE-2022-26903 7.8 - High - April 15, 2022

Windows Graphics Component Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2022-26901 7.8 - High - April 15, 2022

Microsoft Excel Remote Code Execution Vulnerability

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Office Web Apps Server or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Excel
Spreadsheet Software

subscribe