CVE-2025-26642: 
vulnerability analysis and mitigation

CVE-2025-26642 is a security vulnerability discovered in Microsoft Office that was disclosed on April 8, 2025. The vulnerability is characterized as an out-of-bounds read condition that allows an unauthorized attacker to execute code locally. This vulnerability affects various Microsoft Office products including Excel 2016, SharePoint Server 2019, and Office Online Server (NVD, Microsoft Support).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-125 (Out-of-bounds Read) and CWE-190 (Integer Overflow or Wraparound) (NVD).

The vulnerability allows an unauthorized attacker to execute code locally on affected systems, potentially leading to complete compromise of the system's confidentiality, integrity, and availability as indicated by the CVSS scoring (NVD).

Microsoft has released security updates to address this vulnerability. The updates are available through Microsoft Update, Microsoft Update Catalog, and Microsoft Download Center. For Office Online Server, the update is KB5002699, for SharePoint Server 2019, it's KB5002691, and for Excel 2016, it's KB5002704 (Microsoft Support).