CVE-2025-30375: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') in Microsoft Office Online Server
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
AI Analysis
Technical Summary
CVE-2025-30375 is a high-severity vulnerability identified in Microsoft Office Online Server version 1.0.0, specifically involving Microsoft Office Excel functionality. The vulnerability is classified as CWE-843, which corresponds to 'Access of Resource Using Incompatible Type,' commonly referred to as a 'type confusion' flaw. This type of vulnerability arises when a program accesses a resource (such as memory or an object) using an incorrect or incompatible data type, potentially leading to unpredictable behavior including memory corruption. In this case, the flaw allows an unauthorized attacker to execute code locally on the affected system. The vulnerability requires local access (Attack Vector: Local) but does not require privileges (Privileges Required: None). However, it does require user interaction (User Interaction: Required), meaning the attacker must trick a user into performing an action that triggers the exploit. The CVSS v3.1 base score is 7.8, indicating a high severity level. The impact metrics indicate high confidentiality, integrity, and availability impacts, meaning successful exploitation could lead to full system compromise, data leakage, or disruption of service. The vulnerability is currently published and has no known exploits in the wild, but the absence of patches (no patch links provided) suggests that affected organizations should prioritize mitigation. The vulnerability's exploitation scope is unchanged (Scope: Unchanged), meaning the impact is limited to the vulnerable component or system. Given the nature of Office Online Server, which is often deployed in enterprise environments to provide browser-based access to Office documents, this vulnerability could be leveraged by attackers to execute arbitrary code on servers hosting Office Online Server, potentially compromising sensitive business data or enabling lateral movement within networks.
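To make the weakness class concrete, the following C program is an added illustration of CWE-843 in general; it is not code from Office Online Server or Excel and does not reflect how this specific flaw is triggered. The `struct value` type, its accessor functions and the sample values are constructed for this example. It places the weak pattern (reading a union member without consulting the type tag) beside the hardened pattern (refusing any access whose tag does not match), and returns the confused bits as an integer so the mismatch is observable without dereferencing a bogus address.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed tagged value type: the tag records which union member is live. */
enum value_tag { TAG_INT = 1, TAG_STRING = 2 };

struct value {
    enum value_tag tag;
    union {
        intptr_t    as_int;   /* same width as a pointer, so the bits line up */
        const char *as_str;
    } u;
};

/* Weak pattern (the CWE-843 shape): the caller assumes the value is a
 * string and reads the pointer member without consulting the tag. When the
 * value really holds an integer, those integer bits are reinterpreted as a
 * pointer. The bits are returned as an integer here so the confusion is
 * observable without dereferencing an attacker-influenced address. */
uintptr_t confused_string_bits(const struct value *v)
{
    return (uintptr_t)v->u.as_str;   /* no tag check */
}

/* Hardened pattern: validate the tag before interpreting the payload.
 * Returns 0 and writes *out on success, -1 if the type does not match. */
int get_string_checked(const struct value *v, const char **out)
{
    if (v == NULL || out == NULL || v->tag != TAG_STRING)
        return -1;                   /* refuse the incompatible type */
    *out = v->u.as_str;
    return 0;
}

int get_int_checked(const struct value *v, intptr_t *out)
{
    if (v == NULL || out == NULL || v->tag != TAG_INT)
        return -1;
    *out = v->u.as_int;
    return 0;
}

/* Demo helpers built on constructed sample values (hypothetical data). */
#define SAMPLE_INT ((intptr_t)0x41414141)

uintptr_t demo_confused_bits(void)
{
    struct value n = { .tag = TAG_INT, .u.as_int = SAMPLE_INT };
    return confused_string_bits(&n);     /* integer bits now read as a pointer */
}

int demo_checked_rejects_int(void)
{
    struct value n = { .tag = TAG_INT, .u.as_int = SAMPLE_INT };
    const char *s = NULL;
    return get_string_checked(&n, &s);   /* mismatch caught, nothing dereferenced */
}

int demo_checked_accepts_string(void)
{
    struct value s = { .tag = TAG_STRING, .u.as_str = "hello" };
    const char *out = NULL;
    if (get_string_checked(&s, &out) != 0)
        return -1;
    return strcmp(out, "hello");         /* 0 when the live member is returned */
}

int main(void)
{
    printf("confused bits:          0x%lx\n", (unsigned long)demo_confused_bits());
    printf("checked read of int:    %d\n", demo_checked_rejects_int());
    printf("checked read of string: %d\n", demo_checked_accepts_string());
    return 0;
}
```

The defensive point is the one in the summary above: the payload's bits are only meaningful under the type the tag declares, so every accessor must check the tag (or the runtime must enforce it) before the payload is used as a pointer or object.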
Potential Impact
For European organizations, the impact of CVE-2025-30375 could be significant due to the widespread use of Microsoft Office Online Server in enterprise and government environments. Successful exploitation could lead to unauthorized code execution on servers that handle critical document processing and collaboration, potentially exposing sensitive corporate or governmental data. This could result in data breaches, intellectual property theft, or disruption of business operations. Given the high confidentiality, integrity, and availability impacts, organizations could face regulatory consequences under GDPR if personal data is compromised. Additionally, the requirement for local access and user interaction means that insider threats or social engineering attacks could be vectors for exploitation. The vulnerability could also be leveraged as a foothold for further attacks within a network, increasing the risk of broader compromise. European organizations with remote or hybrid workforces relying on Office Online Server for document collaboration are particularly at risk, as attackers may exploit user interaction to trigger the vulnerability remotely via phishing or malicious document links.
Mitigation Recommendations
1. Immediate mitigation should focus on restricting local access to servers running Microsoft Office Online Server, ensuring only trusted administrators have access.
2. Implement strict user training and awareness programs to reduce the risk of social engineering attacks that could trigger the required user interaction.
3. Employ application whitelisting and endpoint protection solutions on servers hosting Office Online Server to detect and block suspicious code execution attempts.
4. Monitor logs and network traffic for unusual activity indicative of exploitation attempts, such as unexpected process launches or anomalous file access patterns.
5. Since no patches are currently available, consider isolating Office Online Server instances within segmented network zones to limit potential lateral movement.
6. Regularly check for updates from Microsoft and apply security patches promptly once released.
7. Use multi-factor authentication and strict access controls to minimize the risk of unauthorized local access.
8. Conduct penetration testing and vulnerability assessments focusing on Office Online Server deployments to identify and remediate additional weaknesses.
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: microsoft
- Date Reserved: 2025-03-21T19:09:29.813Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682cd0f91484d88663aeb9d9
Added to database: 5/20/2025, 6:59:05 PM
Last enriched: 9/10/2025, 3:22:49 AM
Last updated: 10/7/2025, 1:46:48 PM
Views: 34