CVE-2025-30379: CWE-763: Release of Invalid Pointer or Reference in Microsoft Office Online Server

High
Published: Tue May 13 2025 (05/13/2025, 16:58:41 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Office Online Server

Description

Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

AI-Powered Analysis

Last updated: 09/10/2025, 03:23:47 UTC

Technical Analysis

CVE-2025-30379 is a high-severity vulnerability identified in Microsoft Office Online Server version 1.0.0, specifically related to Microsoft Office Excel functionality within the server environment. The vulnerability is categorized under CWE-763, which involves the release of an invalid pointer or reference. This type of flaw typically occurs when a program releases or frees a pointer that does not point to a valid object, potentially leading to use-after-free conditions or memory corruption. In this case, the vulnerability allows an unauthorized attacker to execute code locally on the affected system. The CVSS v3.1 base score of 7.8 reflects a high severity, with an attack vector of local access (AV:L), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk due to the potential for arbitrary code execution, which could allow attackers to take control of the system, manipulate data, or disrupt services. The vulnerability is present in the initial release version (1.0.0) of Office Online Server, which is used to provide browser-based access to Office applications, including Excel, in enterprise environments. The lack of available patches at the time of publication increases the urgency for mitigation and monitoring.

Potential Impact

For European organizations, the impact of CVE-2025-30379 can be substantial, especially for enterprises relying on Microsoft Office Online Server to provide collaborative document editing and Excel spreadsheet processing via web interfaces. Successful exploitation could lead to local code execution, enabling attackers to escalate privileges, deploy malware, exfiltrate sensitive data, or disrupt business operations. Given the high confidentiality, integrity, and availability impacts, organizations handling sensitive financial, personal, or intellectual property data are at particular risk. The requirement for local access and user interaction somewhat limits remote exploitation but does not eliminate risk in environments where users might be tricked into opening malicious Excel files or interacting with compromised Office Online Server instances. This vulnerability could also be leveraged in targeted attacks against government agencies, financial institutions, and critical infrastructure operators in Europe, potentially causing operational disruptions or data breaches. The absence of known exploits currently provides a window for proactive defense, but organizations should not underestimate the potential for rapid weaponization.

Mitigation Recommendations

1. Immediate mitigation should include restricting access to Office Online Server instances to trusted users and networks only, minimizing exposure to untrusted local users.
2. Implement strict user training and awareness programs to reduce the risk of user interaction with malicious Excel files or links.
3. Monitor logs and system behavior for unusual activity indicative of exploitation attempts, such as unexpected process launches or memory corruption signals.
4. Employ application whitelisting and endpoint protection solutions capable of detecting anomalous code execution patterns.
5. Isolate Office Online Server environments using network segmentation and least privilege principles to contain potential compromises.
6. Stay alert for official patches or updates from Microsoft and apply them promptly once available.
7. Consider deploying virtual desktop infrastructure (VDI) or sandboxing techniques for users accessing Office Online Server to limit the impact of local code execution.
8. Conduct regular vulnerability assessments and penetration testing focused on Office Online Server deployments to identify and remediate other potential weaknesses.

Technical Details

Data Version: 5.1
Assigner Short Name: microsoft
Date Reserved: 2025-03-21T19:09:29.814Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0f91484d88663aeb9e1

Added to database: 5/20/2025, 6:59:05 PM

Last enriched: 9/10/2025, 3:23:47 AM

Last updated: 9/27/2025, 9:01:50 AM
