Detections
Analytics
Security Updates for Microsoft Excel Products C2R (February 2025)
high Nessus Plugin ID 216321
Language:
Synopsis
The Microsoft Excel Products are missing a security update.Description
The Microsoft Excel Products are missing a security update. It is, therefore, affected by the following vulnerabilities:- Microsoft Office is affected by a remote code execution vulnerability. (CVE-2025-21354, CVE-2025-21362, CVE-2025-21394, CVE-2025-21386, CVE-2025-21390, CVE-2025-21387, CVE-2025-21381)
- Microsoft Office is affected by a security feature bypass vulnerability. (CVE-2025-21364)
- Microsoft Office is affected by an information disclosure vulnerability. (CVE-2025-21383)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.See Also
Plugin Details
Severity: High
ID: 216321
File Name: smb_nt_ms25_feb_excel_c2r.nasl
Version: 1.2
Type: local
Agent: windows
Family: Windows
Published: 2/14/2025
Updated: 2/19/2025
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.3
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2025-21394
CVSS v3
Risk Factor: High
Base Score: 8.4
Temporal Score: 7.3
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS Score Source: CVE-2025-21362
Vulnerability Information
CPE: cpe:/a:microsoft:excel
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Ease: No known exploits are available
Patch Publication Date: 2/11/2025
Vulnerability Publication Date: 2/11/2025
Reference Information
CVE: CVE-2025-21354, CVE-2025-21362, CVE-2025-21364, CVE-2025-21381, CVE-2025-21383, CVE-2025-21386, CVE-2025-21387, CVE-2025-21390, CVE-2025-21394
IAVA: 2025-A-0105