Detections
Analytics
Microsoft Office for Universal RCE (May 2025)
high Nessus Plugin ID 235857
Synopsis
The Microsoft Office for Universal products are affected by a remote code execution vulnerability.Description
The Microsoft Office for Universal products are missing a security update. It is, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to app version 16.0.14326.22502 or later via the Microsoft Store.See Also
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30388
Plugin Details
Severity: High
ID: 235857
File Name: smb_nt_ms25_may_office_universal.nasl
Version: 1.1
Type: local
Agent: windows
Family: Windows
Published: 5/13/2025
Updated: 5/13/2025
Supported Sensors: Nessus Agent, Nessus
Risk Information
CVSS v2
Risk Factor: Medium
Base Score: 6.9
Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2025-30388
CVSS v3
Risk Factor: High
Base Score: 7.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: cpe:/a:microsoft:word, cpe:/o:microsoft:windows, cpe:/a:microsoft:powerpoint, cpe:/a:microsoft:excel
Required KB Items: SMB/Registry/Enumerated, WMI/Windows App Store/Enumerated
Patch Publication Date: 5/13/2025
Vulnerability Publication Date: 5/13/2025
Reference Information
CVE: CVE-2025-30388