CVE-2025-62199
Microsoft Office Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.0%
EPSS Percentile
0th
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
| Vendor | microsoft |
| Product | microsoft 365 apps for enterprise |
| Ecosystems | |
| Industries | TechnologyEnterprise |
| Published | Nov 11, 2025 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for microsoft microsoft 365 apps for enterprise
Be the first to know when new high vulnerabilities affecting microsoft microsoft 365 apps for enterprise are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
Microsoft / Microsoft 365 Apps for Enterprise
16.0.1 < https://aka.ms/OfficeSecurityReleases
Microsoft / Microsoft Office 2016
16.0.0 < 16.0.5526.1000
Microsoft / Microsoft Office for Android
16.0.1 < 16.0.19426.20044
Microsoft / Microsoft Office LTSC 2021
16.0.1 < https://aka.ms/OfficeSecurityReleases
Microsoft / Microsoft Office LTSC 2024
16.0.0 < https://aka.ms/OfficeSecurityReleases
Microsoft / Microsoft Office LTSC for Mac 2021
16.0.1 < 16.103.25110922
Microsoft / Microsoft Office LTSC for Mac 2024
16.0.0 < 16.103.25110922
References
msrc.microsoft.com: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62199 vicarius.io: https://www.vicarius.io/vsociety/posts/cve-2025-62199-detect-microsoft-office-rce-vulnerability vicarius.io: https://www.vicarius.io/vsociety/posts/cve-2025-62199-mitigate-microsoft-office-rce-vulnerability