CVE-2025-21397

CVE-2025-21397 is a remote code execution vulnerability in Microsoft Office, classified under CWE-416 (use-after-free) with additional details under NVD-CWE-noinfo. Published on 2025-02-11T18:15:38.293, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact despite requiring local access and user interaction.

An attacker with local access can exploit this vulnerability with low complexity and no required privileges by tricking a user into performing an action, such as opening a malicious Office document. Successful exploitation enables arbitrary code execution on the target system, resulting in high impacts to confidentiality, integrity, and availability.

Microsoft's advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21397 provides guidance on mitigation, including the application of security updates to affected Microsoft Office versions.