Remote Code Execution Risks in Microsoft Office


Microsoft has published security updates for two vulnerabilities in Microsoft Office, CVE-2025-54906 and CVE-2025-54910, both classified as Remote Code Execution (RCE). Each is triggered by a maliciously crafted Office file and lets an attacker run arbitrary code on the target system in the context of the user who opened or previewed the file. Both are memory-safety defects in Office components: one is a use-after-free, the other a heap-based buffer overflow.

Severity Level: Critical

Vulnerability Details

  1. CVE-2025-54906
    • Severity: High
    • CVSS Score: 7.8
    • Type: Use-after-free
    • Description: The flaw is a use-after-free: Office releases a block of memory but keeps a pointer to it and later dereferences that stale pointer. If the crafted file can make Office reallocate the freed block for attacker-controlled data before the stale pointer is used, the later access operates on attacker-chosen content, which can be turned into arbitrary code execution.
    • Exploitation: Microsoft rates this as "Exploitation Less Likely". The attacker must deliver a crafted file to the target user; once the user opens it, the attacker's code runs locally on that user's machine.
  2. CVE-2025-54910
    • Severity: Critical
    • CVSS Score: 8.4
    • Type: Heap-Based Buffer Overflow
    • Description: The flaw is a heap-based buffer overflow: a size taken from the file is not checked against the heap buffer the data is copied into, so the copy writes past the end of the buffer and overwrites adjacent heap data (neighbouring objects or allocator metadata). With control over what gets overwritten, the attacker can redirect execution to arbitrary code.
    • Exploitation: Unlike CVE-2025-54906, this vulnerability does not require the user to open the file. Microsoft lists the Outlook Preview Pane as an attack vector, so merely previewing a crafted attachment in Outlook can trigger it.
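As an added illustration (not code from the advisory, from Microsoft, or from Office itself), the C program below parses a made-up record format that carries the same two defects the advisory describes: a length field copied into a fixed-size heap object without a bound, and an object freed while the document still holds a pointer to it. The unchecked functions are kept only to show the bug pattern; the parser that actually runs uses the checked versions, and the three sample documents are constructed for this example. The format, the names and the sample bytes are assumptions and say nothing about the real Office file format or the code paths behind CVE-2025-54906 and CVE-2025-54910.

```c
/* Added example, not code from the advisory or from Microsoft Office: a toy parser
 * for a constructed record format, showing the two bug classes the advisory names
 * beside their checked versions. The format, names and sample bytes are assumptions.
 * Record: [tag:1][len:2 little-endian][payload:len]; tag 0x01 = define shape
 * (payload is its name), 0x02 = delete the current shape, 0x03 = draw it. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define SHAPE_NAME_MAX 16                    /* fixed-size heap buffer for the name */
struct shape { char name[SHAPE_NAME_MAX]; };
struct doc   { struct shape *current; int drawn; };
static uint16_t rec_len(const uint8_t *rec) { return (uint16_t)(rec[1] | (rec[2] << 8)); }

/* Heap-based buffer overflow: len comes from the file and is trusted, so a record
 * with len > SHAPE_NAME_MAX writes past the 16-byte allocation into whatever the
 * heap placed after it. Kept for comparison only; never call it on real input. */
struct shape *shape_from_record_unchecked(const uint8_t *rec)
{
    struct shape *s = malloc(sizeof *s);
    if (s) memcpy(s->name, rec + 3, rec_len(rec));        /* BUG: unbounded copy */
    return s;
}

/* Checked: len must fit both the destination buffer and the input that is left. */
struct shape *shape_from_record(const uint8_t *rec, size_t avail)
{
    if (avail < 3) return NULL;
    uint16_t len = rec_len(rec);
    if (len >= SHAPE_NAME_MAX || (size_t)len > avail - 3) return NULL;
    struct shape *s = calloc(1, sizeof *s);
    if (!s) return NULL;
    memcpy(s->name, rec + 3, len);
    s->name[len] = '\0';
    return s;
}

/* Use-after-free: "delete" frees the shape but the document keeps the pointer, so a
 * later "draw" touches memory the allocator may already have reused for data the
 * file controls. Kept for comparison only. */
void handle_delete_unchecked(struct doc *d) { free(d->current); }   /* BUG: dangling */
/* Checked: the pointer is cleared when freed and tested before every use. */
static void handle_delete(struct doc *d) { free(d->current); d->current = NULL; }
static int  handle_draw(struct doc *d)   { if (!d->current) return 0; d->drawn++; return 1; }

/* Walks a document with the checked handlers. Returns the number of records
 * processed, or -1 at the first malformed record. */
int parse_document(const uint8_t *buf, size_t n, struct doc *d)
{
    size_t off = 0;
    int records = 0;
    d->current = NULL;
    d->drawn = 0;
    while (off < n) {
        if (n - off < 3) goto bad;
        uint16_t len = rec_len(buf + off);
        if ((size_t)len > n - off - 3) goto bad;          /* record runs past the input */
        switch (buf[off]) {
        case 0x01: {
            struct shape *s = shape_from_record(buf + off, n - off);
            if (!s) goto bad;                             /* name too long for the buffer */
            handle_delete(d);                             /* release any previous shape */
            d->current = s;
            break;
        }
        case 0x02: handle_delete(d); break;
        case 0x03: handle_draw(d); break;
        default:   goto bad;
        }
        off += 3 + len;
        records++;
    }
    handle_delete(d);
    return records;
bad:
    handle_delete(d);
    return -1;
}

static const uint8_t BENIGN_DOC[] = {                 /* constructed sample document */
    0x01, 0x05, 0x00, 'b', 'o', 'x', '0', '1',    /* define "box01" */
    0x03, 0x00, 0x00, 0x02, 0x00, 0x00,           /* draw it, then delete it */
    0x03, 0x00, 0x00 };                           /* draw again: nothing left to draw */
/* len = 0x1000 with only two payload bytes present: caught by the input-size check. */
static const uint8_t TRUNCATED_DOC[] = { 0x01, 0x00, 0x10, 'A', 'A' };
/* len = 20 with all 20 bytes present: fits the file but not the 16-byte buffer. This
 * is the record that makes shape_from_record_unchecked overflow. */
static const uint8_t OVERSIZED_DOC[] = { 0x01, 0x14, 0x00, 'A', 'A', 'A', 'A', 'A', 'A',
    'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A' };
int parse_benign(void)    { struct doc d; return parse_document(BENIGN_DOC, sizeof BENIGN_DOC, &d); }
int benign_draws(void)    { struct doc d; parse_document(BENIGN_DOC, sizeof BENIGN_DOC, &d); return d.drawn; }
int parse_truncated(void) { struct doc d; return parse_document(TRUNCATED_DOC, sizeof TRUNCATED_DOC, &d); }
int parse_oversized(void) { struct doc d; return parse_document(OVERSIZED_DOC, sizeof OVERSIZED_DOC, &d); }

int main(void)
{
    printf("benign: %d records, %d draw(s); truncated: %d; oversized name: %d\n",
           parse_benign(), benign_draws(), parse_truncated(), parse_oversized());
    return 0;
}
```

The two rejected documents show why one check is not enough: TRUNCATED_DOC fails because the record claims more bytes than the file contains, while OVERSIZED_DOC is a perfectly well-formed file whose record simply does not fit the destination allocation. The second case is the one an overflow-triggering document relies on, and it is only caught by comparing the length against the buffer size, not against the input size. The cleared pointer in handle_delete is likewise what turns a "draw after delete" from a read of recycled heap memory into a harmless no-op.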

Affected Products

Both vulnerabilities impact a wide range of Microsoft Office products, across different versions:

  • Microsoft Office 2016 (32-bit, 64-bit)
  • Microsoft Office 2019 (32-bit, 64-bit)
  • Microsoft Office LTSC 2021, 2024 (32-bit, 64-bit)
  • Microsoft 365 Apps for Enterprise (32-bit, 64-bit), which also covers Office 365 subscription users
  • Microsoft Office LTSC for Mac 2021, 2024
  • Microsoft SharePoint Server 2016, 2019

Recommendations

  1. Apply the Microsoft Office updates immediately. Prioritize CVE-2025-54910 (Critical): because the Outlook Preview Pane is an attack vector, a user does not have to open the file for it to be triggered.
  2. Where an update cannot be applied yet, disable the Preview Pane (Reading Pane) in Microsoft Outlook so that attachments are not rendered automatically. This removes the no-click path but does not fix the underlying bug, so it is a stopgap, not a substitute for patching.
  3. Tell users not to open Office documents from untrusted sources and to treat unexpected email attachments with caution.
  4. Use File Block policies and Protected View to limit how untrusted Office files are parsed. Note that both vulnerabilities are memory-corruption bugs in Office's file parsers, not macro flaws, so macro settings alone do not block them; File Block policies stop Office from opening specified risky file types at all, and Protected View opens files from untrusted locations in a sandboxed process, which limits the impact if a parser bug is hit.

Source:

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54910
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54906
  • https://gbhackers.com/critical-flaws-in-microsoft-office/

Enjoyed reading this Threat Intelligence Advisory? Stay updated with our latest exclusive content by following us on Twitter and LinkedIn


Ampcus Cyber