CVE-2025-21346

CVE-2025-21346 is a Security Feature Bypass Vulnerability affecting Microsoft Office. It has a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H) and is associated with CWE-693 (Protection Mechanism Failure) along with NVD-CWE-noinfo.

The vulnerability can be exploited by an attacker with local access to the target system who tricks a user into performing an action, such as opening a malicious file, due to the low attack complexity and requirement for user interaction but no privileges. Successful exploitation allows the attacker to bypass security features, resulting in high integrity impact (I:H) and high availability impact (A:H), with no confidentiality impact (C:N).

The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21346 provides guidance on mitigations and available patches.