CVE-2025-21397: 
vulnerability analysis and mitigation

Microsoft Office Remote Code Execution Vulnerability (CVE-2025-21397) was disclosed on February 11, 2025. This vulnerability affects Microsoft 365 Apps Enterprise Edition, Microsoft Office LTSC 2021, and Microsoft Office LTSC 2024 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The attack vector is Local, requiring low attack complexity with no privileges required, though user interaction is necessary. The vulnerability has been classified as CWE-416 (Use After Free) by Microsoft Corporation (NVD).

If successfully exploited, this vulnerability could lead to high impacts on confidentiality, integrity, and availability of the affected systems. The vulnerability allows an attacker to execute arbitrary code with the same privileges as the affected application (AttackerKB).

Microsoft has released security updates to address this vulnerability. Users are advised to apply the latest security updates available through the official Microsoft update channels. Updates can be obtained from https://aka.ms/OfficeSecurityReleases (Microsoft Advisory).