CVE-2025-62561: CWE-822: Untrusted Pointer Dereference in Microsoft Office Online Server
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
AI Analysis
Technical Summary
CVE-2025-62561 is a vulnerability categorized under CWE-822 (Untrusted Pointer Dereference) affecting Microsoft Office Online Server, specifically version 16.0.0.0. The issue arises from improper handling of pointers within Microsoft Office Excel components when accessed through Office Online Server. An attacker can craft a malicious Excel file that, when opened or processed by the server, leads to dereferencing untrusted pointers. This can cause arbitrary code execution locally on the server without requiring any privileges or authentication, but user interaction is necessary (e.g., opening the malicious file). The vulnerability impacts confidentiality, integrity, and availability, as it allows execution of arbitrary code that could lead to data theft, modification, or service disruption. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) reflects that the attack requires local access and user interaction but no privileges, and the scope remains unchanged. Although no exploits are currently known in the wild and no patches have been released, the vulnerability is publicly disclosed and should be considered a significant risk. Organizations running Office Online Server should be vigilant, as exploitation could compromise critical business data and services.
Potential Impact
For European organizations, the impact of CVE-2025-62561 can be substantial. Office Online Server is widely used in enterprise environments for collaborative document editing and sharing. Successful exploitation could lead to unauthorized code execution on servers, resulting in data breaches, service outages, or lateral movement within networks. Confidential corporate data and sensitive information could be exposed or altered, undermining compliance with GDPR and other data protection regulations. The availability of Office Online Server services could be disrupted, affecting business continuity. Given the high integration of Microsoft products in European public and private sectors, including government, finance, and healthcare, the potential for operational and reputational damage is significant. The requirement for local access and user interaction somewhat limits remote exploitation but does not eliminate risk, especially in environments where users have access to upload or open files on the server.
Mitigation Recommendations
1. Restrict access to Office Online Server to trusted users and networks only, using network segmentation and firewall rules.
2. Implement strict file upload and validation policies to detect and block malicious Excel files before they reach the server.
3. Enhance user training and awareness to recognize suspicious files and avoid interacting with untrusted content.
4. Monitor server logs and network traffic for unusual activity indicative of exploitation attempts.
5. Apply the principle of least privilege to limit user and service permissions on the server.
6. Prepare for rapid deployment of official patches from Microsoft once released; consider temporary workarounds such as disabling Excel processing features if feasible.
7. Employ endpoint detection and response (EDR) tools on servers to detect anomalous behavior.
8. Regularly back up critical data and verify restoration procedures to minimize the impact of a potential compromise.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Ireland
Technical Details
- Data Version: 5.2
- Assigner Short Name: microsoft
- Date Reserved: 2025-10-15T17:11:21.220Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 693867e774ebaa3babafb43b
Added to database: 12/9/2025, 6:18:15 PM
Last enriched: 12/9/2025, 6:31:34 PM
Last updated: 12/10/2025, 11:37:15 AM