CVE-2025-21402

Summary

Microsoft Office OneNote Remote Code Execution Vulnerability

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft Office LTSC for Mac 202116.0.1 < 16.93.25011212affected
MicrosoftMicrosoft Office LTSC for Mac 202416.0.0 < 16.93.25011212affected
MicrosoftMicrosoft OneNote1.0.0 < 16.92.24120731affected

Weaknesses

  • CWE-641: CWE-641: Improper Restriction of Names for Files and Other Resources

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References