CVE-2025-60724 is a heap-based buffer overflow vulnerability classified under CWE-122, found in the Microsoft Graphics Component of Microsoft Office LTSC for Mac 2021, specifically version 16.0.1. This vulnerability arises when the graphics component improperly handles memory allocation or bounds checking, allowing an attacker to overwrite heap memory. Exploitation can be achieved remotely over a network without requiring any authentication or user interaction, making it highly dangerous. Successful exploitation enables arbitrary code execution with the privileges of the affected application, potentially allowing full system compromise, data theft, or disruption of services. The vulnerability has been assigned a CVSS v3.1 base score of 9.8, reflecting its critical impact on confidentiality, integrity, and availability. Although no public exploits have been reported yet, the vulnerability’s characteristics suggest that weaponized exploits could emerge rapidly. The lack of currently available patches means organizations must rely on interim mitigations until official updates are released. This vulnerability is particularly concerning for environments where Microsoft Office LTSC for Mac 2021 is widely deployed, as it could be leveraged in targeted attacks or widespread campaigns. The flaw’s network attack vector and no requirement for user interaction increase its threat level significantly.

For European organizations, this vulnerability poses a severe risk due to the widespread use of Microsoft Office in corporate and governmental environments, including on Mac platforms. Exploitation could lead to unauthorized access to sensitive data, disruption of business operations, and potential lateral movement within networks. Sectors such as finance, healthcare, government, and technology, which handle critical or sensitive information, are especially vulnerable. The ability to execute code remotely without user interaction increases the likelihood of rapid exploitation and potential ransomware or espionage campaigns. Additionally, the impact on availability could disrupt essential services and cause significant operational downtime. The vulnerability’s presence in a widely used productivity suite amplifies the potential scale of impact across European enterprises and public institutions.

1. Monitor Microsoft’s official channels closely for the release of security patches addressing CVE-2025-60724 and apply them immediately upon availability. 2. Until patches are released, restrict network access to systems running Microsoft Office LTSC for Mac 2021, especially from untrusted networks. 3. Employ network segmentation to isolate vulnerable Mac systems from critical infrastructure. 4. Utilize advanced endpoint detection and response (EDR) solutions capable of detecting anomalous behavior indicative of exploitation attempts. 5. Implement strict application control policies to limit execution of unauthorized code. 6. Educate IT and security teams about this vulnerability to enhance monitoring and incident response readiness. 7. Consider disabling or limiting the use of the affected Microsoft Graphics Component if feasible as a temporary workaround. 8. Conduct regular vulnerability scanning and penetration testing focused on Mac environments to identify potential exposure.