7.8

CVE-2025-21402

Microsoft Office OneNote Remote Code Execution Vulnerability

Microsoft Office OneNote Remote Code Execution Vulnerability
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftOffice Version2024 SwEditionltsc SwPlatformmacos
MicrosoftOffice Long Term Servicing Channel Version2021 SwPlatformmacos
MicrosoftOnenote Version- SwPlatformmacos
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.65% 0.463
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secure@microsoft.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-641 Improper Restriction of Names for Files and Other Resources

The product constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resulting name.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21402
Patch
Vendor Advisory