CVE-2025-62564 is an out-of-bounds read vulnerability classified under CWE-125 found in Microsoft Office Online Server's Excel component, version 16.0.0.0. The vulnerability arises due to improper bounds checking when processing Excel files, allowing an attacker to read memory outside the intended buffer. This memory corruption can be leveraged to execute arbitrary code locally on the affected system. The attack vector is local (AV:L), requiring low attack complexity (AC:L), no privileges (PR:N), but does require user interaction (UI:R), such as opening a malicious Excel file via the Office Online Server interface. The scope is unchanged (S:U), but the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), indicating potential full system compromise. The vulnerability was reserved in mid-October 2025 and published in early December 2025. No public exploits are known yet, but the high CVSS score (7.8) reflects the serious risk posed. Microsoft has not yet released patches, so mitigation currently relies on access controls and monitoring. The vulnerability could be exploited by attackers to gain code execution on servers handling Office Online documents, potentially leading to lateral movement or data exfiltration in enterprise environments.

For European organizations, this vulnerability poses a significant threat, especially those using Microsoft Office Online Server for collaborative document editing and processing. Successful exploitation could lead to unauthorized code execution on critical servers, resulting in data breaches, disruption of business operations, and potential compromise of sensitive information. Given the high impact on confidentiality, integrity, and availability, attackers could manipulate or steal data, disrupt services, or use compromised servers as footholds for further attacks within the network. Sectors such as finance, government, healthcare, and critical infrastructure in Europe that rely heavily on Microsoft Office Online Server are at heightened risk. The requirement for local access and user interaction somewhat limits remote exploitation but does not eliminate risk, especially in environments where users may be tricked into opening malicious files or where attackers have gained initial access. The absence of known exploits currently provides a window for proactive mitigation before active exploitation occurs.

1. Monitor Microsoft’s security advisories closely and apply official patches immediately upon release to address CVE-2025-62564. 2. Restrict local access to Office Online Server hosts to trusted administrators only, minimizing opportunities for local exploitation. 3. Implement strict file upload and content scanning policies to detect and block malicious Excel files before processing. 4. Employ application whitelisting and endpoint protection solutions on servers hosting Office Online Server to detect anomalous behavior indicative of exploitation attempts. 5. Educate users about the risks of opening untrusted Excel files, especially in environments where Office Online Server is accessible. 6. Use network segmentation to isolate Office Online Server infrastructure from sensitive systems, limiting lateral movement if compromise occurs. 7. Enable detailed logging and monitoring on Office Online Server to detect unusual access patterns or errors related to memory handling. 8. Consider temporary disabling or limiting Excel file processing capabilities in Office Online Server if patching is delayed and risk is high.