CVE-2025-21338: CWE-190: Integer Overflow or Wraparound in Microsoft Office for Android
GDI+ Remote Code Execution Vulnerability
AI Analysis (machine-generated threat intelligence)
Technical Summary
CVE-2025-21338 is an integer overflow or wraparound vulnerability (CWE-190) identified in Microsoft Office for Android version 16.0.1, specifically within the GDI+ graphics component. The flaw arises when the software improperly handles integer values, leading to overflow conditions that can corrupt memory and enable remote code execution. An attacker with low privileges on the device can exploit this vulnerability without requiring user interaction, potentially executing arbitrary code in the context of the Office application. This could lead to full compromise of the device’s confidentiality, integrity, and availability. The CVSS 3.1 base score is 7.8, reflecting high severity due to a local attack vector, low attack complexity, low privileges required, and no user interaction. The vulnerability is currently published but has no known exploits in the wild, and no patches have been released yet. The lack of patch availability increases the urgency for organizations to implement interim mitigations. The vulnerability’s presence in a widely used productivity suite on Android devices makes it a significant threat, especially in environments with mobile or BYOD usage. The integer overflow in GDI+ can be triggered by specially crafted documents or content processed by the Office app, allowing an attacker who has already obtained local access to execute arbitrary code in the Office process.
Potential Impact
For European organizations, this vulnerability poses a substantial risk due to the widespread use of Microsoft Office on Android devices, particularly in sectors with mobile workforces such as finance, consulting, and public administration. Exploitation could lead to unauthorized access to sensitive documents, data leakage, and potential lateral movement within corporate networks. The ability to execute code remotely without user interaction increases the threat level, as attackers can leverage this flaw to deploy malware, ransomware, or espionage tools silently. The impact extends to operational disruption and reputational damage. Organizations with Bring Your Own Device (BYOD) policies are especially vulnerable, as attackers could exploit compromised personal devices to infiltrate corporate environments. The absence of patches means that until Microsoft releases updates, organizations must rely on detection and containment strategies. The vulnerability also raises compliance concerns under GDPR due to the risk of data breaches involving personal data processed on affected devices.
Mitigation Recommendations
Given the absence of patches, European organizations should implement strict access controls on Android devices running Microsoft Office 16.0.1, including enforcing strong device authentication and limiting app permissions. Employ Mobile Device Management (MDM) solutions to monitor and restrict installation of untrusted applications and to enforce security policies. Network segmentation should be used to isolate mobile devices from critical infrastructure. Organizations should educate users about the risks of opening untrusted documents and implement endpoint detection and response (EDR) tools capable of identifying anomalous behaviors related to Office apps. Regularly audit devices for signs of compromise and maintain up-to-date backups to mitigate potential ransomware impacts. Once Microsoft releases patches, prioritize immediate deployment across all affected devices. Additionally, consider disabling or restricting the use of Microsoft Office for Android in high-risk environments until patches are available. Collaborate with security vendors to obtain threat intelligence updates related to this vulnerability.
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Norway, Finland, Denmark
Technical Details
- Data Version: 5.1
- Assigner Short Name: microsoft
- Date Reserved: 2024-12-11T00:29:48.352Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68c0bd529ed239a66badebeb
Added to database: 9/9/2025, 11:50:42 PM
Last enriched: 2/14/2026, 8:25:08 AM
Last updated: 3/26/2026, 10:28:50 AM