Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2025-59233

Опубликовано: 14 окт. 2025
Источник: msrc
CVSS3: 7.8
EPSS Низкий

Описание

Microsoft Excel Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

FAQ

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.

How could an attacker exploit this vulnerability?

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

An attacker must send the user a malicious file and convince them to open it.

Обновления

ПродуктСтатьяОбновление
Microsoft Excel 2016 (32-bit edition)
5002794
Security Update
Microsoft Excel 2016 (64-bit edition)
5002794
Security Update
Office Online Server
5002797
Security Update
Microsoft Office 2019 for 32-bit editions
Click to Run
-
Microsoft Office 2019 for 64-bit editions
Click to Run
-
Microsoft 365 Apps for Enterprise for 32-bit Systems
Click to Run
-
Microsoft 365 Apps for Enterprise for 64-bit Systems
Click to Run
-
Microsoft Office LTSC for Mac 2021
Release Notes
Security Update
Microsoft Office LTSC 2021 for 64-bit editions
Click to Run
-
Microsoft Office LTSC 2021 for 32-bit editions
Click to Run
-

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

EPSS

Процентиль: 31%
0.00117
Низкий

7.8 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2025-59233

CVSS3: 7.8
nvd
21 день назад

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

github логотип

GHSA-vr47-8w9q-x3fw

CVSS3: 7.8
github
21 день назад

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

fstec логотип

BDU:2025-13087

CVSS3: 7.8
fstec
22 дня назад

Уязвимость пакетов программ Microsoft Office, Excel и 365 Apps for Enterprise, связанная с ошибками смешения типов данных, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 31%
0.00117
Низкий

7.8 High

CVSS3