CVE-2025-30375: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') in Microsoft Office Online Server

High
Tags: Vulnerability, CVE-2025-30375, CWE-843
Published: Tue May 13 2025 (05/13/2025, 16:58:39 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Office Online Server

Description

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

AI-Powered Analysis

Last updated: 07/18/2025, 21:06:52 UTC

Technical Analysis

CVE-2025-30375 is a high-severity vulnerability classified under CWE-843 (Access of Resource Using Incompatible Type, commonly known as 'type confusion') in the Microsoft Office Excel components that Office Online Server uses to render and calculate workbooks; the CVE record lists the affected product version as 1.0.0. In a type confusion bug, code accesses an object or memory region as one type after it was created or populated as another, so bytes an attacker controls in a crafted workbook can be consumed as a pointer, length or object reference they were never meant to be, and from there the attacker can corrupt memory and execute arbitrary code. Microsoft describes the outcome as local code execution; for Office Online Server that means code running on the server that parses the workbook, in the security context of the service that opened it. The CVSS v3.1 base score is 7.8 (High) with Attack Vector: Local, Privileges Required: None and User Interaction: Required, and confidentiality, integrity and availability are all rated high, so successful exploitation could lead to full compromise of the affected host. The 'Local' rating follows the convention Microsoft applies to Office document parsing bugs: it says that the vulnerable code runs on the machine that opens the file, not that the attacker needs a logon there. The file can arrive by e-mail, file share or an upload into a site that Office Online Server renders, and someone still has to open it. No known exploits were reported in the wild at the time of analysis, and no patch had been linked in the record, although the vulnerability was published on May 13, 2025 after being reserved on March 21, 2025. The vulnerability matters because Office Online Server is widely used in enterprise environments to provide browser-based access to Microsoft Office documents, and code execution on that server could allow an attacker to escalate privileges or move laterally within the network after initial access.
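To make the CWE-843 mechanism concrete, the following C program is an added illustration; it is not Microsoft's code and it models a hypothetical tagged cell record and string table, not Excel's real file format or internal structures. The parser honours the tag, but the vulnerable consumer reads the pointer member of the union without it, so an attacker-chosen 64-bit number becomes the address a later dereference would use; the hardened accessors refuse the mismatch instead of reinterpreting the bytes. The record bytes and string table are constructed for the demo.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical workbook cell: a tag says which union member is live.
   This models the CWE-843 pattern, not Excel's actual data structures. */
typedef enum { CELL_NUMBER = 1, CELL_STRING = 2 } cell_kind;

typedef struct {
    cell_kind kind;
    union {
        int64_t     number;  /* live when kind == CELL_NUMBER */
        const char *text;    /* live when kind == CELL_STRING */
    } u;
} cell;

/* Constructed string table that a record may reference by index. */
static const char *const STRING_TABLE[] = { "hello", "world" };
#define STRING_TABLE_LEN (sizeof STRING_TABLE / sizeof STRING_TABLE[0])

/* Hypothetical record layout: 1 tag byte + 8 little-endian payload bytes. */
#define RECORD_SIZE 9

/* Parse one attacker-controlled record into a cell. Returns false if the
   tag is unknown or a string index is out of range. */
static bool parse_record(const uint8_t rec[RECORD_SIZE], cell *out) {
    uint64_t payload = 0;
    for (int i = 7; i >= 0; i--)
        payload = (payload << 8) | rec[1 + i];

    switch (rec[0]) {
    case CELL_NUMBER:
        out->kind = CELL_NUMBER;
        out->u.number = (int64_t)payload;
        return true;
    case CELL_STRING:
        if (payload >= STRING_TABLE_LEN)
            return false;
        out->kind = CELL_STRING;
        out->u.text = STRING_TABLE[payload];
        return true;
    default:
        return false;
    }
}

/* VULNERABLE (CWE-843): a formula routine that "knows" its operand is a
   string reads the pointer member without checking the tag. If the file
   supplied a NUMBER cell, the attacker's 64-bit value becomes the pointer. */
static const char *cell_text_unchecked(const cell *c) {
    return c->u.text;
}

/* Returns the address the unchecked accessor would dereference, without
   dereferencing it, so the confusion can be observed without a crash. */
static uintptr_t confused_address(const cell *c) {
    return (uintptr_t)cell_text_unchecked(c);
}

/* HARDENED: every access is gated on the tag; a mismatch is an error,
   never a reinterpretation of the stored bytes. */
static bool cell_text_checked(const cell *c, const char **out) {
    if (c->kind != CELL_STRING)
        return false;
    *out = c->u.text;
    return true;
}

static bool cell_number_checked(const cell *c, int64_t *out) {
    if (c->kind != CELL_NUMBER)
        return false;
    *out = c->u.number;
    return true;
}

int main(void) {
    /* Constructed malicious record: tag says NUMBER, payload 0x4141...41. */
    const uint8_t evil[RECORD_SIZE] = {
        CELL_NUMBER, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41
    };
    cell c;
    if (!parse_record(evil, &c))
        return 1;

    printf("unchecked accessor would dereference %#llx\n",
           (unsigned long long)confused_address(&c));

    const char *s = NULL;
    if (!cell_text_checked(&c, &s))
        puts("checked accessor: type mismatch rejected");
    return 0;
}
```

The point of the hardened accessors is that the tag is the only source of truth for which union member is live; a consumer that assumes a type based on where it was called from, rather than on the tag, is the CWE-843 pattern, regardless of how the surrounding parser validates the file.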

Potential Impact

For European organizations, this vulnerability poses a substantial risk, especially for enterprises and public-sector entities that rely on Microsoft Office Online Server for collaborative viewing and editing of documents. Exploitation would give an attacker code execution on the server hosting Office Online Server, which processes documents on behalf of many users, and could expose sensitive corporate or governmental data. That could result in data breaches, disruption of business operations and loss of trust. Because user interaction is required, phishing or social engineering is the likely delivery path: a user is tricked into opening a crafted Excel workbook in the browser, and the server rather than the user's workstation is what gets compromised. Given the high impact on confidentiality, integrity and availability, a successful exploit could be a staging point for ransomware deployment, espionage or sabotage. The absence of known in-the-wild exploits provides a window for mitigation, but the severity score indicates that organizations should act promptly.

Mitigation Recommendations

European organizations should implement the following specific mitigation steps:
1) Monitor for Microsoft updates for Office Online Server (the CVE record lists version 1.0.0 as affected) and apply them as soon as they are available; until then, treat the server as unpatched and exposed to any workbook it is asked to render.
2) Read the Local attack vector correctly: it means the crafted workbook is parsed on the Office Online Server host, not that the attacker needs a logon there. Restrict interactive and administrative access to the server to trusted administrators, run the service under an account with only the privileges it needs, and limit document upload and open paths to authenticated users.
3) Run user training and awareness programmes, including phishing simulations built around Office document lures, to reduce the chance that a user opens a malicious workbook.
4) Segment the network so that Office Online Server is isolated from critical systems and lateral movement from a compromised server is constrained.
5) Use endpoint detection and response (EDR) on the server and alert on behaviour a document renderer should never show, such as Office Online Server worker processes spawning command interpreters or script hosts, writing executables, or making unexpected outbound connections.
6) Review file upload and document handling policies, for example antimalware scanning of uploaded workbooks before they are rendered and blocking of file types the organization does not need, to detect and stop potentially malicious files.
7) Conduct regular vulnerability assessments and penetration tests focused on Office Online Server deployments to identify and remediate configuration weaknesses.

Technical Details

Data Version: 5.1
Assigner Short Name: microsoft
Date Reserved: 2025-03-21T19:09:29.813Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0f91484d88663aeb9d9

Added to database: 5/20/2025, 6:59:05 PM

Last enriched: 7/18/2025, 9:06:52 PM

Last updated: 8/18/2025, 11:34:28 PM
