CVE-2025-21390 is a heap-based buffer overflow vulnerability classified under CWE-122, affecting Microsoft Excel in Microsoft 365 Apps for Enterprise version 16.0.1. This vulnerability arises from improper handling of memory buffers when processing Excel files, allowing an attacker to craft malicious spreadsheets that trigger the overflow. When a user opens such a file, the vulnerability can be exploited to execute arbitrary code remotely with the privileges of the current user. The CVSS 3.1 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with an attack vector of local (requiring user to open the file), low attack complexity, no privileges required, but user interaction necessary. The scope remains unchanged, meaning the exploit affects only the vulnerable component. Although no known exploits are currently reported in the wild, the vulnerability's nature and Microsoft Excel's widespread use make it a significant threat. No patches or mitigations have been officially released yet, but Microsoft is expected to address this in upcoming security updates. The vulnerability is particularly dangerous because it can lead to full system compromise if exploited successfully, especially on systems where users have elevated privileges. Organizations relying heavily on Excel for business processes should prioritize monitoring and mitigation efforts.

The vulnerability poses a significant risk to organizations worldwide by enabling remote code execution through malicious Excel files. Successful exploitation can lead to unauthorized disclosure of sensitive data, alteration or destruction of data, and disruption of business operations. Attackers could gain control over affected systems, potentially moving laterally within networks, deploying malware, or exfiltrating data. Given Microsoft 365's extensive adoption in enterprises, government agencies, and critical infrastructure sectors, the impact could be widespread. The requirement for user interaction (opening a malicious file) means phishing campaigns or social engineering could be effective attack vectors. The vulnerability affects confidentiality, integrity, and availability, making it a critical concern for data protection and operational continuity. Without timely patching, organizations remain exposed to targeted attacks and potential large-scale compromise.

Organizations should implement the following specific mitigations: 1) Immediately restrict or block Excel file attachments from untrusted or external sources at email gateways and endpoint security solutions. 2) Educate users to avoid opening Excel files from unknown or suspicious senders and to verify the authenticity of received files. 3) Employ application whitelisting and sandboxing to limit execution of untrusted code within Excel. 4) Enable and enforce strict macro and ActiveX control policies to reduce attack surface. 5) Use endpoint detection and response (EDR) tools with behavior-based detection to identify exploitation attempts. 6) Monitor network traffic for unusual activity indicative of lateral movement or data exfiltration. 7) Prepare to deploy Microsoft’s security updates promptly once released, and test patches in controlled environments before wide deployment. 8) Consider isolating or limiting Excel usage in high-risk environments until patches are available. These targeted actions go beyond generic advice by focusing on controlling attack vectors and minimizing exposure until a patch is applied.