CVE-2025-24083: 
vulnerability analysis and mitigation

A vulnerability identified as CVE-2025-24083 was discovered in Microsoft Office, disclosed on March 11, 2025. The vulnerability involves an untrusted pointer dereference that allows an unauthorized attacker to execute code locally on affected systems. The affected products include Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC for Mac 2021, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, Microsoft Office LTSC for Mac 2024, and Microsoft Office 2016 (NVD, Microsoft Support).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High), with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates a local attack vector, low attack complexity, no privileges required, and user interaction is required. The vulnerability has been classified under CWE-822 (Untrusted Pointer Dereference) (NVD).

If successfully exploited, this vulnerability can lead to high impacts on confidentiality, integrity, and availability of the affected system. The attacker could potentially execute code with the privileges of the current user (AttackerKB).

Microsoft has released security updates to address this vulnerability. Users are advised to apply the latest security updates through Microsoft Update or download the standalone update package through the Microsoft Download Center. For Office 2016, the security update KB5002693 has been released as a fix (Microsoft Support).