CVE-2025-54904: CWE-416: Use After Free in Microsoft Office Online Server
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
AI Analysis
Technical Summary
CVE-2025-54904 is a use-after-free vulnerability classified under CWE-416 found in Microsoft Office Online Server, specifically impacting the Excel component. The vulnerability arises when the application improperly manages memory, freeing an object while it is still in use, which can lead to arbitrary code execution. An attacker can exploit this flaw by convincing a user to open a specially crafted Excel file within the Office Online Server environment. The vulnerability requires local access (AV:L), low attack complexity (AC:L), no privileges (PR:N), and user interaction (UI:R). The scope is unchanged (S:U), but the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). The CVSS v3.1 base score is 7.8, reflecting the significant risk posed by this vulnerability. Although no public exploits have been reported, the potential for local code execution makes this a critical concern for environments where Office Online Server is deployed. The affected version is 16.0.0.0, and as of the publication date, no patches have been released. The vulnerability could be leveraged to execute arbitrary code with the privileges of the user running the Office Online Server, potentially leading to system compromise or lateral movement within a network.
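The summary above describes the general CWE-416 pattern (an object freed while another part of the program still holds a pointer to it). The following C program is an added illustration, not code from Microsoft or from this advisory, and nothing in it relates to the actual Excel defect: it shows the ownership discipline that prevents the bug, a small reference-counted object shared by two components, with the release function clearing the caller's pointer and freeing only when the last owner lets go. All names (`cell_t`, `cell_release`, `shared_cell_scenario`) and the sample formula string are hypothetical.

```c
/* Added example (not from the advisory): a minimal reference-counted
 * object, showing the ownership discipline that prevents CWE-416 when
 * one object (a "cell" in a spreadsheet-like model) is reachable from
 * several places. All names and data here are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Number of cells currently allocated; lets callers verify nothing is
 * freed while still referenced and nothing leaks. */
static int live_cells = 0;

typedef struct cell {
    int refcount;        /* number of owners holding this cell */
    char formula[64];    /* constructed sample payload */
} cell_t;

/* Allocate a cell with exactly one owner. */
cell_t *cell_new(const char *formula) {
    cell_t *c = calloc(1, sizeof *c);
    if (!c) return NULL;
    c->refcount = 1;
    strncpy(c->formula, formula, sizeof c->formula - 1);
    live_cells++;
    return c;
}

/* Take an additional reference; every holder of a pointer must do this. */
cell_t *cell_retain(cell_t *c) {
    if (c) c->refcount++;
    return c;
}

/* Drop a reference. The memory is released only when the last owner
 * lets go, so no holder is left with a dangling pointer, and the
 * caller's own pointer is cleared so it cannot be reused by mistake.
 * Returns 1 if the object was actually freed, 0 otherwise. */
int cell_release(cell_t **slot) {
    cell_t *c = *slot;
    if (!c) return 0;
    *slot = NULL;                /* clear the caller's pointer */
    if (--c->refcount > 0) return 0;
    memset(c, 0, sizeof *c);     /* scrub before free (defensive) */
    free(c);
    live_cells--;
    return 1;
}

/* Simulates two components (a sheet and a formula evaluator) sharing one
 * cell. In the buggy pattern the sheet would call free() outright and the
 * evaluator would keep using the dangling pointer; here both hold counted
 * references. Returns the length of the formula read through the
 * evaluator's reference after the sheet has dropped its own, or -1 if
 * the ownership bookkeeping is wrong. */
int shared_cell_scenario(void) {
    cell_t *sheet_ref = cell_new("=SUM(A1:A3)");
    cell_t *eval_ref  = cell_retain(sheet_ref);

    /* Sheet is done with the cell; object must survive (still referenced). */
    int freed_early = cell_release(&sheet_ref);

    int len = (int)strlen(eval_ref->formula);    /* still valid memory */

    int freed_last = cell_release(&eval_ref);     /* last owner: freed now */
    if (freed_early || !freed_last) return -1;
    if (sheet_ref != NULL || eval_ref != NULL) return -1;
    return len;
}

/* Exposed for checks: how many cells are still allocated. */
int cell_live_count(void) { return live_cells; }

int main(void) {
    int n = shared_cell_scenario();
    printf("formula length read after first release: %d, live cells: %d\n",
           n, cell_live_count());
    return n < 0 ? 1 : 0;
}
```

The point of the design is that no caller ever decides on its own that an object is dead: lifetime is a property of the reference count, and the pointer a component held is nulled at release so a later accidental dereference faults immediately instead of silently reading freed memory.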
Potential Impact
For European organizations, this vulnerability poses a significant risk, particularly for enterprises and public sector entities heavily reliant on Microsoft Office Online Server for document collaboration and processing. Successful exploitation could lead to unauthorized code execution, enabling attackers to steal sensitive data, disrupt services, or establish persistence within networks. Given the high confidentiality, integrity, and availability impacts, critical infrastructure sectors such as finance, healthcare, and government could face severe operational disruptions. The requirement for local access and user interaction somewhat limits remote exploitation but does not eliminate risk, especially in environments where users may be targeted with malicious documents. The absence of known exploits currently provides a window for proactive mitigation, but the high severity score underscores the urgency for organizations to prepare defenses.
Mitigation Recommendations
1. Restrict local access to systems running Microsoft Office Online Server to trusted personnel only, employing strict access controls and network segmentation.
2. Educate users about the risks of opening untrusted or unexpected Excel files, emphasizing caution with documents received via email or external sources.
3. Implement application whitelisting and endpoint protection solutions capable of detecting anomalous behavior related to Office applications.
4. Monitor system logs and network traffic for unusual activities that could indicate exploitation attempts.
5. Maintain up-to-date backups and incident response plans tailored to potential Office Online Server compromises.
6. Engage with Microsoft support channels to obtain early patch releases or workarounds once available.
7. Consider deploying virtualized or sandboxed environments for processing untrusted documents to contain potential exploitation.
8. Limit the privileges of the Office Online Server service accounts to minimize impact if exploited.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Ireland
Technical Details
- Data Version: 5.1
- Assigner Short Name: microsoft
- Date Reserved: 2025-07-31T18:54:19.612Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68c071e3ce6ed8307545ba76
Added to database: 9/9/2025, 6:28:51 PM
Last enriched: 11/27/2025, 4:29:27 AM
Last updated: 12/14/2025, 8:49:01 AM
Views: 113