CVE-2025-30375 is a vulnerability classified as CWE-843 (Access of Resource Using Incompatible Type, or type confusion) found in Microsoft Excel, part of Microsoft 365 Apps for Enterprise version 16.0.1. This vulnerability arises when Excel improperly handles resource access by using an incompatible type, leading to type confusion. Such a flaw can be exploited by an unauthorized attacker to execute arbitrary code locally on the victim's machine. The attack vector is local (AV:L), requiring the attacker to have local access but no privileges (PR:N). User interaction is required (UI:R), meaning the victim must perform some action, such as opening a malicious Excel file. The vulnerability impacts confidentiality, integrity, and availability (all rated high), allowing potential full compromise of the affected system. The scope remains unchanged (S:U), meaning the exploit affects only the vulnerable component. The exploitability is low complexity (AC:L), and no known exploits are currently reported in the wild. The vulnerability was reserved in March 2025 and published in May 2025. No patches are linked yet, indicating that remediation may still be pending or in progress. Given Microsoft 365's widespread enterprise use, this vulnerability poses a significant risk to organizations relying on Excel for business-critical tasks.

If exploited, this vulnerability could allow attackers to execute arbitrary code with the privileges of the logged-in user, potentially leading to full system compromise. This threatens the confidentiality of sensitive data processed in Excel, the integrity of business documents, and the availability of systems if malware or ransomware is deployed. Since the attack requires local access and user interaction, the risk is mitigated somewhat but remains significant in environments where users may open untrusted Excel files. The vulnerability could be leveraged in targeted attacks or insider threat scenarios. Enterprises with heavy reliance on Microsoft 365 Apps, especially Excel, for financial, operational, or strategic data processing are at heightened risk. The absence of known exploits in the wild suggests a window for proactive mitigation before widespread exploitation occurs.

Organizations should prioritize monitoring for updates from Microsoft and apply patches immediately once available. Until patches are released, implement strict controls on local file execution, including disabling macros and restricting the opening of Excel files from untrusted or unknown sources. Employ endpoint protection solutions capable of detecting suspicious local code execution attempts. Educate users about the risks of opening unsolicited or unexpected Excel files and enforce the principle of least privilege to limit the impact of potential exploitation. Consider application whitelisting and sandboxing Excel processes to contain potential malicious activity. Regularly audit and monitor local user activity to detect anomalous behavior indicative of exploitation attempts.