CVE-2025-24075: 
vulnerability analysis and mitigation

A stack-based buffer overflow vulnerability (CVE-2025-24075) was discovered in Microsoft Office Excel, reported on March 11, 2025. This security flaw affects Microsoft Excel 2016 and Office Online Server installations (NVD, Microsoft Support).

The vulnerability is classified as a stack-based buffer overflow (CWE-121) that allows unauthorized attackers to execute code locally. Microsoft has assigned this vulnerability a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local attack vector, low attack complexity, no privileges required, and user interaction required (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. The high CVSS score indicates severe potential impacts on confidentiality, integrity, and availability of the affected systems (NVD).

Microsoft has released security updates to address this vulnerability. Users can obtain the fix through multiple channels: Microsoft Update, Microsoft Update Catalog, or Microsoft Download Center. For Excel 2016, the security update KB5002696 is available, while Office Online Server users should apply update KB5002690 (Microsoft Support).