Analysis Summary

CVE-2025-21402 CVSS:7.8

Microsoft Office OneNote Remote Code Execution Vulnerability

CVE-2025-21365 CVSS:7.8

Microsoft Office Remote Code Execution Vulnerability

CVE-2025-21346 CVSS:7.1

Microsoft Office Security Feature Bypass Vulnerability

CVE-2024-49065 CVSS:5.5

Microsoft Office could allow a local attacker to execute arbitrary code on the system. By executing a specially crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-43600 CVSS:7.8

Microsoft Office could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to escalate privileges.

CVE-2025-21364 CVSS:7.8

Microsoft Excel Security Feature Bypass Vulnerability.

CVE-2025-21354 CVSS:7.8

Microsoft Excel Remote Code Execution Vulnerability.

CVE-2024-49069 CVSS:7.8

Microsoft Excel could allow a local attacker to execute arbitrary code on the system. By executing a specially crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

• Code Execution
• Security Bypass
• Privilege Escalation

Indicators of Compromise

CVE

• CVE-2025-21402

• CVE-2025-21365

• CVE-2025-21346

• CVE-2024-49065

• CVE-2024-43600

• CVE-2025-21364

• CVE-2025-21354

• CVE-2024-49069

Affected Vendors

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2025-21402

CVE-2025-21365

CVE-2025-21346

CVE-2024-49065

CVE-2024-43600

CVE-2025-21364

CVE-2025-21354

CVE-2024-49069