CVE-2025-27751: 
vulnerability analysis and mitigation

CVE-2025-27751 is a use-after-free vulnerability discovered in Microsoft Office Excel. The vulnerability was disclosed on April 8, 2025, affecting Microsoft Excel 2016 and Office Online Server installations. This security flaw allows an unauthorized attacker to execute code locally on affected systems (NVD, Microsoft Excel Update).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-416 (Use After Free) and requires user interaction to be exploited (NVD).

If successfully exploited, this vulnerability allows an unauthorized attacker to execute code locally on the affected system, potentially leading to full system compromise with high impacts on confidentiality, integrity, and availability (NVD).

Microsoft has released security updates to address this vulnerability. Users can obtain the fix through multiple channels: Microsoft Update, Microsoft Update Catalog, or Microsoft Download Center. For Excel 2016, the security update KB5002704 is available, and for Office Online Server, the security update KB5002699 has been released (Microsoft Excel Update, Office Server Update).