CVE-2025-64677

8.2 HIGH

📋 TL;DR

This cross-site scripting (XSS) vulnerability in Microsoft Office Out-of-Box Experience allows attackers to inject malicious scripts into web pages. When exploited, it enables spoofing attacks where users see manipulated content. This affects users running vulnerable versions of Microsoft Office.

💻 Affected Systems

Products:
  • Microsoft Office
Versions: Specific versions not yet detailed in public advisory
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Office Out-of-Box Experience components during initial setup or configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal user credentials, session cookies, or redirect users to malicious sites by injecting scripts that appear legitimate.

🟠 Likely Case

Attackers perform spoofing attacks to trick users into revealing sensitive information or clicking malicious links.

🟢 If Mitigated

With proper input validation and output encoding, the attack surface is minimized, though the vulnerability still exists until patched.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

XSS vulnerabilities typically have low exploitation complexity once the attack vector is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific versions

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64677

Restart Required: Yes

Instructions:

1. Open a Microsoft Office application.
2. Go to File > Account > Update Options > Update Now.
3. Restart Office applications after the update completes.

🔧 Temporary Workarounds

Disable Office Out-of-Box Experience

Platform: Windows

Prevents the vulnerable component from loading during Office startup:

reg add "HKCU\Software\Microsoft\Office\16.0\Common\General" /v "ShownFirstRunOptin" /t REG_DWORD /d 1 /f

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block XSS payloads
  • Use browser security settings to restrict script execution in Office web components

🔍 How to Verify

Check if Vulnerable:

Check Office version against patched versions in Microsoft Security Update Guide

Check Version:

In Word/Excel: File > Account > About [Application Name]

Verify Fix Applied:

Verify Office version is updated to patched version and test XSS payloads no longer execute
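One way to script the version check and the workaround check above on a Windows host, as an added example that is not part of this advisory: it reads the Click-to-Run VersionToReport value from the registry, compares it against a patched build number, and reports whether the ShownFirstRunOptin workaround value is set. The $PatchedVersion value is a placeholder; take the real build from the Microsoft Security Update Guide entry for CVE-2025-64677.

```powershell
# Added example, not from the advisory. Checks installed Office Click-to-Run
# version and whether the workaround registry value from this page is present.
# PLACEHOLDER: replace with the patched build listed by MSRC for CVE-2025-64677.
$PatchedVersion = [version]'16.0.0.0'

function Get-OfficeC2RVersion {
    # Click-to-Run installs record the reported build here.
    $key = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props -or -not $props.VersionToReport) { return $null }
    return [version]$props.VersionToReport
}

function Test-WorkaroundApplied {
    # Same key and value as the reg add workaround on this page.
    $key = 'HKCU:\Software\Microsoft\Office\16.0\Common\General'
    $val = Get-ItemProperty -Path $key -Name ShownFirstRunOptin -ErrorAction SilentlyContinue
    return ($null -ne $val -and $val.ShownFirstRunOptin -eq 1)
}

$installed = Get-OfficeC2RVersion
if ($null -eq $installed) {
    Write-Output 'Office Click-to-Run configuration not found (MSI installs report the version elsewhere); check File > Account manually.'
} elseif ($installed -ge $PatchedVersion) {
    Write-Output "Office $installed is at or above the patched build $PatchedVersion."
} else {
    Write-Output "Office $installed is below the patched build $PatchedVersion: update required."
    if (Test-WorkaroundApplied) {
        Write-Output 'Workaround registry value (ShownFirstRunOptin = 1) is present.'
    } else {
        Write-Output 'Workaround registry value is not set.'
    }
}
```

Run it in the user's own session, since the workaround value lives under HKCU and a check run as another account will not see it.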

📡 Detection & Monitoring

Log Indicators:

  • Unusual Office startup activities
  • Suspicious script execution in Office processes

Network Indicators:

  • Unexpected network calls from Office applications to external domains

SIEM Query:

OfficeProcess AND (CommandLine CONTAINS "script" OR NetworkDestination CONTAINS suspicious_domain)
