CVE-2025-21365 — Untrusted Search Path in Microsoft 365 Apps FOR Enterprise

CWE-426 — Untrusted Search Path9 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.6%

top 30.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft 365 Apps FOR Enterprise Microsoft Office Ltsc 2024 Microsoft Office Long Term Servicing Channel

Timeline

PublishedJan 14

Description

Microsoft Office Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5microsoft/microsoft_office_ltsc_202416.0.0 — https://aka.ms/OfficeSecurityReleases

▶NVDmicrosoft/office_long_term_servicing_channel2024

▶CVEListV5microsoft/microsoft_365_apps_for_enterprise16.0.1 — https://aka.ms/OfficeSecurityReleases

Patches

Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

CVEList

Microsoft Office Remote Code Execution Vulnerability↗2025-01-14

▶

GHSA

GHSA-57v2-9qhm-9cq9: Microsoft Office Remote Code Execution Vulnerability↗2025-01-14

▶

📋Vendor Advisories

Microsoft

Microsoft Office Remote Code Execution Vulnerability↗2025-01-14

▶

🕵️Threat Intelligence

Bleepingcomputer

Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws↗2025-01-14

▶

Qualys

Microsoft and Adobe Patch Tuesday, January 2025 Security Update Review↗2025-01-14

▶

Talos

Microsoft Patch Tuesday for January 2025 — Snort rules and prominent vulnerabilities↗2025-01-14

▶

Qualys

Microsoft and Adobe Patch Tuesday, January 2025 Security Update Review | Qualys↗2025-01-14

▶

Talos

Microsoft Patch Tuesday for January 2025 — Snort rules and prominent vulnerabilities↗2025-01-14

▶