CVE-2025-21186

CVE-2025-21186 is a remote code execution vulnerability affecting Microsoft Access. Published on 2025-01-14, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-122 (Heap-based Buffer Overflow) along with NVD-CWE-noinfo.

The vulnerability can be exploited by an attacker with local access to the target system. Exploitation requires low attack complexity and no special privileges, but user interaction is necessary, such as convincing the user to open a malicious file or perform a specific action within Microsoft Access. Successful exploitation allows the attacker to achieve high-impact remote code execution, potentially compromising confidentiality, integrity, and availability by running arbitrary code in the context of the affected application.

The Microsoft Security Response Center (MSRC) provides detailed guidance on this vulnerability, including patch information and mitigation recommendations, at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21186. Security practitioners should consult this advisory for deployment instructions.