CVE-2025-54902

7.8 HIGH

📋 TL;DR

An out-of-bounds read vulnerability in Microsoft Office Excel allows attackers to execute arbitrary code on affected systems by tricking users into opening malicious Excel files. This affects users running vulnerable versions of Microsoft Excel on Windows, macOS, and potentially other platforms where Office is supported.

💻 Affected Systems

Products:
  • Microsoft Excel
  • Microsoft Office suites containing Excel
Versions: Specific versions to be determined from Microsoft advisory; typically affects multiple recent versions prior to patch
Operating Systems: Windows, macOS, potentially other platforms with Office support
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected Excel versions are vulnerable. Microsoft 365 auto-updates may mitigate if patches are applied automatically.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining the same privileges as the logged-in user, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Local code execution with user-level privileges, enabling data exfiltration, credential theft, and installation of additional malware.

🟢

If Mitigated

Limited impact due to application sandboxing, antivirus detection, or user account restrictions preventing privilege escalation.

🌐 Internet-Facing: LOW - Requires user interaction to open malicious files, not directly exploitable over network protocols.
🏢 Internal Only: MEDIUM - Significant risk from phishing emails, malicious downloads, or compromised internal file shares containing weaponized Excel documents.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction to open malicious Excel file. Exploit development requires understanding of Excel file format and memory corruption techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: To be specified in Microsoft Security Update

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54902

Restart Required: Yes

Instructions:

1. Open any Office application
2. Go to File > Account > Update Options > Update Now
3. Alternatively, use Microsoft Update or Windows Update for system-wide updates
4. Restart computer after update installation

🔧 Temporary Workarounds

Enforce Excel Protected View

Platform: Windows

Configure Excel to open files from untrusted sources (email attachments, internet downloads, unsafe locations) in Protected View so that the document is rendered read-only in the sandbox and no embedded content is executed automatically

Block .xls/.xlsx attachments

Platform: All

Configure email gateways to block or sandbox Excel file attachments

🧯 If You Can't Patch

  • Restrict Excel file execution via application control policies (AppLocker/Windows Defender Application Control)
  • Implement network segmentation to limit lateral movement from compromised workstations

🔍 How to Verify

Check if Vulnerable:

Compare the installed Excel build number against the patched build listed in the Microsoft advisory. The installation is vulnerable if its build is older than the patched build.

Check Version:

In Excel: File > Account > About Excel (Windows) or Excel > About Excel (macOS)

Verify Fix Applied:

Verify Excel version matches or exceeds patched version specified in Microsoft advisory.

📡 Detection & Monitoring

Log Indicators:

  • Excel crash logs with memory access violations
  • Windows Event Logs showing Excel process spawning unexpected child processes

Network Indicators:

  • Unusual outbound connections from Excel process
  • DNS requests to suspicious domains following Excel file opening

SIEM Query:

source="*excel*" AND (event_id=1000 OR process_creation_parent="excel.exe")
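The query above is a vendor-neutral sketch; how the two log indicators combine into an actual alert is easier to see in code. The following is an added example written for this page, not tooling from Microsoft or from the advisory. It runs over constructed JSON-lines telemetry that mimics Sysmon Event ID 1 (process creation) and Windows Application log Event ID 1000 (Application Error); the field names, hostnames and timestamps are assumptions for the sample, not a real export format. It flags Excel spawning unexpected children, Excel crashes with an access violation, and, with highest confidence, a crash followed within a few minutes by an unexpected child on the same host.

```python
import json
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample telemetry, not real logs: Sysmon Event ID 1 (process creation) and
# Application log Event ID 1000 (Application Error) exported as JSON lines. Field names
# are an assumption for this example.
SAMPLE_EVENTS = r"""
{"time": "2025-09-09T10:00:01Z", "event_id": 1, "host": "ws01", "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "parent_image": "C:\\Windows\\explorer.exe"}
{"time": "2025-09-09T10:00:30Z", "event_id": 1, "host": "ws01", "image": "C:\\Windows\\splwow64.exe", "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE"}
{"time": "2025-09-09T10:01:05Z", "event_id": 1000, "host": "ws01", "faulting_application": "EXCEL.EXE", "faulting_module": "EXCEL.EXE", "exception_code": "0xc0000005"}
{"time": "2025-09-09T10:01:20Z", "event_id": 1, "host": "ws01", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE"}
{"time": "2025-09-09T10:30:00Z", "event_id": 1, "host": "ws02", "image": "C:\\Windows\\System32\\cmd.exe", "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE"}
{"time": "2025-09-09T11:00:00Z", "event_id": 1000, "host": "ws03", "faulting_application": "EXCEL.EXE", "faulting_module": "ntdll.dll", "exception_code": "0xc000013a"}
"""

# Children Excel launches in normal use (print helper, click-to-run updater). Anything else
# is "unexpected"; the second set is escalated because those binaries are the usual
# script and loader hosts seen after a document exploit.
EXPECTED_CHILDREN = {"excel.exe", "splwow64.exe", "officeclicktorun.exe"}
HIGH_RISK_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                      "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
ACCESS_VIOLATION = "0xc0000005"  # STATUS_ACCESS_VIOLATION: the crash signature of a bad memory read


def parse_events(text):
    """Parse JSON-lines telemetry into dicts, adding a timezone-aware 'ts' field."""
    events = []
    for line in text.strip().splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["time"].replace("Z", "+00:00"))
        events.append(rec)
    return events


def basename(path):
    """Lower-cased file name of a Windows path, so comparisons ignore directory and case."""
    return PureWindowsPath(path).name.lower()


def find_excel_child_processes(events):
    """Log indicator: Excel spawning a child process it has no reason to spawn."""
    alerts = []
    for e in events:
        if e["event_id"] != 1 or basename(e["parent_image"]) != "excel.exe":
            continue
        child = basename(e["image"])
        if child in EXPECTED_CHILDREN:
            continue
        severity = "high" if child in HIGH_RISK_CHILDREN else "medium"
        alerts.append({"host": e["host"], "ts": e["ts"], "child": child, "severity": severity})
    return alerts


def find_excel_crashes(events):
    """Log indicator: Excel crash (Event 1000) with an access violation, i.e. a memory fault."""
    return [e for e in events
            if e["event_id"] == 1000
            and e.get("faulting_application", "").lower() == "excel.exe"
            and e.get("exception_code", "").lower() == ACCESS_VIOLATION]


def correlate(events, window=timedelta(minutes=5)):
    """Highest-confidence signal: a memory fault followed shortly by an unexpected child on the same host."""
    crashes = find_excel_crashes(events)
    hits = []
    for child in find_excel_child_processes(events):
        for crash in crashes:
            if crash["host"] == child["host"] and crash["ts"] <= child["ts"] <= crash["ts"] + window:
                hits.append({"host": child["host"], "crash_ts": crash["ts"],
                             "child": child["child"], "child_ts": child["ts"]})
    return hits


if __name__ == "__main__":
    evts = parse_events(SAMPLE_EVENTS)
    for a in find_excel_child_processes(evts):
        print(f"[{a['severity']}] {a['host']} {a['ts']:%H:%M:%S} excel.exe -> {a['child']}")
    for c in find_excel_crashes(evts):
        print(f"[crash] {c['host']} {c['ts']:%H:%M:%S} EXCEL.EXE {c['exception_code']}")
    for h in correlate(evts):
        print(f"[correlated] {h['host']}: crash {h['crash_ts']:%H:%M:%S}, "
              f"{h['child']} spawned {h['child_ts']:%H:%M:%S}")
```

On the sample, ws01 produces the correlated alert (access violation at 10:01:05, powershell.exe spawned from Excel at 10:01:20), ws02 produces a high-severity child-process alert with no crash, and the ws03 crash is ignored because its exception code is not a memory fault. In a real deployment the allowlist of expected children needs tuning per environment (add-ins and helper tools vary), and the crash indicator alone is noisy: an OOB read that is exploited successfully often does not crash at all, which is why the child-process indicator carries the weight.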
