Apr 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-26642 Published on April 8, 2025

Microsoft Office Remote Code Execution Vulnerability
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

Vendor Advisory NVD

Weakness Types

Out-of-bounds Read

The software reads data past the end, or before the beginning, of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. A crash can occur when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NUL in a string. The expected sentinel might not be located in the out-of-bounds memory, causing excessive data to be read, leading to a segmentation fault or a buffer overflow. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent read operation then produces undefined or unexpected results.

Integer Overflow or Wraparound

The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. An integer overflow or wraparound occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may wrap to become a very small or negative number. While this may be intended behavior in circumstances that rely on wrapping, it can have security consequences if the wrap is unexpected. This is especially the case if the integer overflow can be triggered using user-supplied inputs. This becomes security-critical when the result is used to control looping, make a security decision, or determine the offset or size in behaviors such as memory allocation, copying, concatenation, etc.

Products Associated with CVE-2025-26642

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-26642 are published in these products:

Microsoft Access

Microsoft Office Online Server

Microsoft Sharepoint Server

Microsoft 365 Apps

Microsoft Office

Microsoft Excel

Microsoft Office Long Term Servicing Channel

Microsoft Office 2021

Microsoft Sharepoint Server 2019

Microsoft Office 2019

Microsoft Office Macos 2021

Microsoft Office 2024

Microsoft Office Macos 2024

Microsoft Excel 2016

Microsoft Office 2016

Microsoft Access 2016

Affected Versions

Microsoft 365 Apps for Enterprise:

Version 16.0.1 and below https://aka.ms/OfficeSecurityReleases is affected.

Microsoft Access 2016:

Version 16.0.0 and below 16.0.5495.1000 is affected.

Microsoft Access 2016 (32-bit edition):

Version 16.0.0 and below 16.0.5495.1000 is affected.

Microsoft Excel 2016:

Version 16.0.0.0 and below 16.0.5495.1000 is affected.

Microsoft Office 2016:

Version 16.0.0 and below 16.0.5495.1000 is affected.

Microsoft Office 2019:

Version 19.0.0 and below https://aka.ms/OfficeSecurityReleases is affected.

Microsoft Office LTSC 2021:

Version 16.0.1 and below https://aka.ms/OfficeSecurityReleases is affected.

Microsoft Office LTSC 2024:

Version 16.0.0 and below https://aka.ms/OfficeSecurityReleases is affected.

Microsoft Office LTSC for Mac 2021:

Version 16.0.1 and below 16.96.25041326 is affected.

Microsoft Office LTSC for Mac 2024:

Version 16.0.0 and below 16.96.25041326 is affected.

Microsoft SharePoint Server 2019:

Version 16.0.0 and below 16.0.10417.20003 is affected.

Microsoft Office Online Server:

Version 16.0.0.0 and below 16.0.10417.20003 is affected.

Exploit Probability

EPSS

0.94%

Percentile

75.86%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.