DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2025-62563

High

Low Medium High Critical

7.8

CVSS Score

Published: Dec 09, 2025

Last Modified: Dec 09, 2025

CWE: CWE-416

Vulnerability Description

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

5 configuration(s) from 1 vendor(s)

office_long_term_servicing_channel

Version:

2024

CPE:

cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*

office_long_term_servicing_channel

Version:

2021

CPE:

cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*

office

Version:

2019

CPE:

cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:x64:*

excel

Version:

2016

CPE:

cpe:2.3:a:microsoft:excel:2016:*:*:*:*:mac_os_x:*:*

365_apps

Version:

CPE:

cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*

This vulnerability affects 5 software configuration(s). Ensure you patch all affected systems.

References & Resources

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62563
secure@microsoft.com Vendor Advisory

Severity Details

7.8

out of 10.0

High

Weakness Type (CWE)

CWE-416 Top 25 #12

Use After Free

Description: The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations…
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Variant