
CVE-2025-30381: CWE-125: Out-of-bounds Read in Microsoft Office Online Server

High
Tags: Vulnerability, CVE-2025-30381, CWE-125, CWE-822
Published: Tue May 13 2025 (05/13/2025, 16:58:42 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Office Online Server

Description

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

AI-Powered Analysis

Last updated: 07/18/2025, 21:07:48 UTC

Technical Analysis

CVE-2025-30381 is a high-severity vulnerability in Microsoft Office Online Server (the CVE record lists the affected version as 1.0.0). It is classified as an out-of-bounds read (CWE-125): the affected code reads memory outside the bounds of the buffer it was given. The entry is additionally tagged CWE-822 (Untrusted Pointer Dereference). The flaw sits in the Excel component of Office Online Server, the server-side code that parses and renders workbooks for the browser, and the vendor description states that an unauthorized attacker can use it to execute code locally.

The CVSS 3.1 base score is 7.8 (High). The vector requires no privileges (PR:N) but does require user interaction (UI:R): a crafted Excel file has to be opened or rendered through Office Online Server. The attack vector is local (AV:L), which for file-format bugs of this kind means the exploit is triggered by parsing the malicious file rather than by a network protocol; the attacker does not need an existing foothold on the host, only to get the file in front of the parser, typically by uploading it or tricking a user into opening it. Confidentiality, integrity and availability are all rated High, so successful exploitation is treated as full compromise of the process handling the document and, by extension, the host it runs on.

No exploitation in the wild has been reported. This entry records no patch link; the publication date coincides with Microsoft's May 2025 security update release, so check the Microsoft Security Update Guide entry for this CVE for the fixing update rather than assuming none exists. The vulnerability was reserved on 2025-03-21 and published on 2025-05-13. Because Office Online Server renders documents server-side on behalf of every user of the SharePoint Server and other Microsoft server products it integrates with, a malicious workbook is processed on a shared host: code execution lands on the server, not on an individual client machine, and can therefore affect many users and downstream systems at once.

Potential Impact

For European organizations, the impact of CVE-2025-30381 could be significant, especially for enterprises and public sector entities that rely on Microsoft Office Online Server for document collaboration. Exploitation could lead to unauthorized code execution on the rendering server, resulting in data breaches, disruption of service for every user of the farm, and a starting point for lateral movement within the corporate network. Confidential business information and personal data protected under GDPR could be exposed or manipulated, with the regulatory penalties and reputational damage that follow. Because user interaction is required, phishing or social engineering (a crafted workbook shared through the collaboration platform) is the likely delivery path, which raises the risk in environments with less stringent user awareness. Since Office Online Server is usually integrated with SharePoint and other Microsoft server products, a compromise of the rendering host can cascade into those systems. The absence of a patch link in this entry at the time of disclosure widens the window of exposure, so mitigation should not wait for a confirmed fix.

Mitigation Recommendations

1. Implement strict access controls and network segmentation around Office Online Server hosts. Office Online Server only renders documents on behalf of the WOPI hosts on its allow list, so keep that list restricted to the SharePoint, Exchange or other hosts you operate (managed with the New-OfficeWebAppsHost and Get-OfficeWebAppsHost cmdlets) and block direct access to the OOS endpoints from untrusted networks.
2. Enforce user training and awareness programs to reduce the chance that users open Excel files from untrusted sources, since a crafted workbook is the trigger for this vulnerability.
3. Inspect and restrict the documents submitted for rendering: apply content inspection and filtering at the upload path (SharePoint, email, file shares) to detect malformed or suspicious Excel files before Office Online Server parses them.
4. Apply application allow-listing and endpoint protection on the Office Online Server hosts to detect and block unexpected code execution, in particular child processes spawned by the rendering workers.
5. Maintain up-to-date backups of critical data and configuration to enable rapid recovery in case of compromise.
6. Monitor Microsoft's security advisories and the Security Update Guide entry for this CVE, and plan for rapid deployment of the fixing update once it is identified.
7. Deploy Office Online Server on dedicated, isolated hosts with minimally privileged service accounts, so that a compromised rendering host does not hand the attacker domain-wide privileges.
8. Employ intrusion detection and prevention (IDS/IPS) and host telemetry tuned to anomalous behavior of Office Online Server processes, such as interpreter or LOLBin launches from the IIS worker process.
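One way to implement the process-monitoring recommendation above, as an added example that is not part of this advisory: a small detection rule over Sysmon-style process-creation events (Event ID 1 exported as JSON lines) that alerts when an Office Online Server worker spawns an interpreter or living-off-the-land binary. Assumptions are labelled in the code: the parent image set (w3wp.exe, the IIS worker that hosts Office Online Server's web applications) is a deployment-specific tuning knob, the field names follow Sysmon's JSON export, and the sample events are constructed, not real telemetry.

```python
"""Detection rule: Office Online Server worker spawning an interpreter or LOLBin.

Added example (not part of the advisory). Consumes process-creation events in the shape
Sysmon Event ID 1 produces when exported as JSON lines and returns alerts for
parent/child pairs that should not occur on a document-rendering host.
"""
import json
from typing import Iterable, List, Optional

# Assumption: Office Online Server's web apps and rendering workers run under IIS, so the
# IIS worker process w3wp.exe is the parent of interest. Add farm-specific worker images here.
OOS_PARENT_IMAGES = {"w3wp.exe"}

# Children that a document renderer has no business launching.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}

# Command-line fragments that raise confidence when present in the child.
HIGH_CONFIDENCE_MARKERS = (
    "-enc", "-encodedcommand", "downloadstring", "iex ", "invoke-expression", "frombase64string",
)


def image_name(path: str) -> str:
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event: dict) -> Optional[dict]:
    """Return an alert dict for a suspicious process-creation event, or None."""
    if event.get("EventID") != 1:
        return None
    parent = image_name(event.get("ParentImage", ""))
    child = image_name(event.get("Image", ""))
    if parent not in OOS_PARENT_IMAGES or child not in SUSPICIOUS_CHILDREN:
        return None
    cmdline = event.get("CommandLine", "").lower()
    confidence = "high" if any(m in cmdline for m in HIGH_CONFIDENCE_MARKERS) else "medium"
    return {
        "host": event.get("Computer"),
        "time": event.get("UtcTime"),
        "parent": parent,
        "child": child,
        "user": event.get("User"),
        "command_line": event.get("CommandLine"),
        "confidence": confidence,
    }


def scan(lines: Iterable[str]) -> List[dict]:
    """Run evaluate() over JSON-lines input, skipping blank or unparsable lines."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        alert = evaluate(event)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample events (not real telemetry). Field names follow Sysmon's JSON export.
SAMPLE_EVENTS = [
    {   # IIS worker launching an encoded PowerShell command: high confidence
        "EventID": 1, "UtcTime": "2025-05-14 09:12:03.117", "Computer": "oos01.corp.example",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA",
        "ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe", "User": r"NT AUTHORITY\NETWORK SERVICE",
    },
    {   # IIS worker launching cmd.exe for recon: medium confidence
        "EventID": 1, "UtcTime": "2025-05-14 09:12:05.402", "Computer": "oos01.corp.example",
        "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami /all",
        "ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe", "User": r"NT AUTHORITY\NETWORK SERVICE",
    },
    {   # Benign: conhost under the IIS worker is not in the suspicious set
        "EventID": 1, "UtcTime": "2025-05-14 09:12:05.410", "Computer": "oos01.corp.example",
        "Image": r"C:\Windows\System32\conhost.exe", "CommandLine": "conhost.exe 0xffffffff -ForceV1",
        "ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe", "User": r"NT AUTHORITY\NETWORK SERVICE",
    },
    {   # Benign: an administrator's interactive shell, wrong parent
        "EventID": 1, "UtcTime": "2025-05-14 09:15:44.000", "Computer": "oos01.corp.example",
        "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe",
        "ParentImage": r"C:\Windows\explorer.exe", "User": r"CORP\oosadmin",
    },
    {   # Ignored: not a process-creation event
        "EventID": 3, "UtcTime": "2025-05-14 09:15:45.000", "Computer": "oos01.corp.example",
        "Image": r"C:\Windows\System32\inetsrv\w3wp.exe", "DestinationIp": "10.0.0.5",
    },
]
SAMPLE_LINES = [json.dumps(e) for e in SAMPLE_EVENTS]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LINES):
        print(json.dumps(alert))
```

On a host that only runs Office Online Server the rule is close to zero-noise, because the IIS worker should never need a shell; on a shared IIS host, scope the parent by app pool identity or working directory as well, otherwise other web applications that legitimately shell out will page you.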


Technical Details

Data Version: 5.1
Assigner Short Name: microsoft
Date Reserved: 2025-03-21T19:09:29.814Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0f91484d88663aeb9e3

Added to database: 5/20/2025, 6:59:05 PM

Last enriched: 7/18/2025, 9:07:48 PM

Last updated: 8/3/2025, 12:37:26 AM


