CVE-2025-24075
Published: 11 March 2025
Description
An adversary may rely upon a user opening a malicious file in order to gain execution.
Security Summary
CVE-2025-24075 is a stack-based buffer overflow vulnerability (CWE-121) affecting Microsoft Office Excel. Published on 2025-03-11T17:16:30.270, it allows an unauthorized attacker to execute code locally and carries a CVSS 3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
Exploitation requires local access to the target system (AV:L) with low attack complexity (AC:L) and no privileges (PR:N), but user interaction is necessary (UI:R), such as opening a specially crafted Excel file. Successful exploitation enables arbitrary code execution, resulting in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H) within the local scope (S:U).
The Microsoft Security Response Center has published an update guide with mitigation details at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24075.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack-based buffer overflow in Excel enables arbitrary code execution via opening a malicious file, directly mapping to client-side vulnerability exploitation and user execution of malicious files.