7.8

CVE-2025-21361

Microsoft Outlook Remote Code Execution Vulnerability

Microsoft Outlook Remote Code Execution Vulnerability
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftOffice Version2024 SwEditionltsc SwPlatformmacos
MicrosoftOffice Long Term Servicing Channel Version2021 SwPlatformmacos
MicrosoftOutlook SwPlatformmacos Version < 16.93
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.73% 0.495
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secure@microsoft.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-641 Improper Restriction of Names for Files and Other Resources

The product constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resulting name.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21361
Patch
Vendor Advisory