CVE-2025-62560: CWE-822: Untrusted Pointer Dereference in Microsoft Office Online Server
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
AI Analysis
Technical Summary
CVE-2025-62560 is a vulnerability classified under CWE-822 (Untrusted Pointer Dereference) affecting Microsoft Office Online Server, specifically version 16.0.0.0. The issue arises from improper handling of pointers within the Microsoft Office Excel component, which can be exploited by an unauthorized attacker to execute arbitrary code locally on the affected system. The attack vector requires local access (AV:L) and user interaction (UI:R), but no privileges are required (PR:N), meaning an attacker can trick a user into opening a malicious Excel file hosted or processed via Office Online Server. The vulnerability impacts confidentiality, integrity, and availability (all rated high), as successful exploitation can lead to full system compromise. The CVSS 3.1 score of 7.8 reflects a high severity level due to the potential damage and ease of exploitation once a user is tricked. No known exploits have been reported in the wild, and no official patches have been released at the time of publication, increasing the urgency for defensive measures. The vulnerability is significant because Office Online Server is widely used in enterprise environments for collaborative document editing and sharing, making it a valuable target for attackers aiming to compromise organizational infrastructure.
Potential Impact
For European organizations, the impact of CVE-2025-62560 can be substantial. Exploitation could lead to local code execution on servers running Office Online Server, potentially allowing attackers to escalate privileges, move laterally within networks, and access sensitive corporate data. This could compromise confidentiality of documents, integrity of data processed through Office Online Server, and availability of the service, disrupting business operations. Organizations in sectors such as finance, government, healthcare, and critical infrastructure that rely heavily on Microsoft Office Online Server for document collaboration are particularly vulnerable. The requirement for user interaction means phishing or social engineering campaigns could be used to trigger exploitation, increasing risk. The absence of patches at present means organizations must rely on compensating controls to mitigate risk until updates are available. The threat also raises concerns about insider threats or compromised user accounts being leveraged to trigger the vulnerability.
Mitigation Recommendations
1. Restrict access to Microsoft Office Online Server to trusted networks and users only, using network segmentation and firewall rules.
2. Implement strict file validation and scanning policies to detect and block malicious Excel files before they reach users or the server.
3. Educate users about the risks of opening unsolicited or suspicious Excel documents, emphasizing caution with files received via email or external sources.
4. Monitor logs and network traffic for unusual activity related to Office Online Server, including unexpected file uploads or execution attempts.
5. Employ application whitelisting and endpoint protection solutions on servers hosting Office Online Server to detect and prevent unauthorized code execution.
6. Prepare for rapid deployment of official patches from Microsoft once released, including testing in controlled environments to ensure compatibility.
7. Consider disabling or limiting Excel functionality in Office Online Server if feasible until the vulnerability is addressed.
8. Use multi-factor authentication and strong access controls to reduce the risk of compromised user credentials being used to exploit the vulnerability.
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden, Belgium, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: microsoft
- Date Reserved: 2025-10-15T17:11:21.220Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 693867e774ebaa3babafb438
Added to database: 12/9/2025, 6:18:15 PM
Last enriched: 12/9/2025, 6:31:45 PM
Last updated: 12/11/2025, 6:21:34 AM