PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-30386 Microsoft CVE debrief

CVE-2025-30386 is a Microsoft Office use-after-free vulnerability that can allow an unauthorized attacker to execute code locally. NVD rates it HIGH (CVSS 8.4), and the affected scope includes multiple Office product lines, including Microsoft 365 Apps, Office 2016, Office 2019, Office LTSC 2021, Office LTSC 2024, and Office for Android as listed in NVD.

Vendor: Microsoft
Product: Microsoft 365 Apps for Enterprise
CVSS: HIGH 8.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-05-13
Original CVE updated: 2025-05-19
Advisory published: 2025-05-13
Advisory updated: 2025-05-19

Who should care

Administrators and security teams responsible for Microsoft Office deployments should prioritize this CVE, especially environments running Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, and Office on Android. Endpoint teams should also review any systems where Office is installed and users may open untrusted content.

Technical summary

The issue is described as a use-after-free condition in Microsoft Office. Microsoft’s advisory and NVD record indicate local code execution impact, with CVSS v3.1 vector AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, i.e. a local attack vector with low attack complexity, no privileges or user interaction required, unchanged scope, and high impact on confidentiality, integrity, and availability. NVD associates the flaw with CWE-416 (use after free) and lists vulnerable CPEs across Office desktop, LTSC, and Android variants.

Defensive priority

High. This is a high-severity code-execution issue in widely deployed productivity software, affecting several Office editions and channels. Patch or mitigate promptly based on Microsoft’s advisory and internal exposure.

Recommended defensive actions

  • Review Microsoft’s security advisory for CVE-2025-30386 and apply the recommended update as soon as practical.
  • Inventory Office installations to identify exposure across Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, and Office for Android.
  • Prioritize systems where Office is installed on endpoints used for email, document handling, or other untrusted file workflows.
  • Confirm version status for Office on Android and remediate any versions earlier than 16.0.18827.20000, per NVD’s vulnerable range.
  • Monitor for anomalous local execution behavior on Office endpoints and validate patch coverage after remediation.
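The inventory and version-check steps above can be scripted on Windows endpoints. The following PowerShell is an added example, not PatchSiren’s or Microsoft’s own tooling. It reads the Click-to-Run configuration key (VersionToReport, ProductReleaseIds, UpdateChannel, Platform) that Microsoft 365 Apps and Click-to-Run Office 2019/LTSC installs write, falls back to the 16.0\Common\InstallRoot key for MSI-based Office 2016, and compares the reported build against a minimum build the administrator supplies. The page states a fixed threshold only for Office on Android (16.0.18827.20000); for Windows builds the $MinimumSafeBuild parameter is a placeholder to be taken from Microsoft’s advisory for the channel in use. Android devices are outside this script and should be checked through the MDM inventory.

```powershell
# Added example (not from the page, PatchSiren, or Microsoft): inventory Office
# installs on one Windows endpoint and flag builds below an admin-supplied minimum.
# $MinimumSafeBuild is a PLACEHOLDER; the page gives no Windows build threshold.
param(
    [version]$MinimumSafeBuild = [version]'0.0.0.0'   # PLACEHOLDER: set from the vendor advisory
)

$results = @()

# Click-to-Run installs (Microsoft 365 Apps, Click-to-Run Office 2019 / LTSC 2021 / LTSC 2024)
$c2rKey = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
if (Test-Path $c2rKey) {
    $cfg = Get-ItemProperty -Path $c2rKey
    $results += [pscustomobject]@{
        Host     = $env:COMPUTERNAME
        Type     = 'Click-to-Run'
        Products = $cfg.ProductReleaseIds
        Channel  = $cfg.UpdateChannel
        Version  = $cfg.VersionToReport
        Platform = $cfg.Platform
    }
}
else {
    # MSI-based Office 2016 registers its install root here; Click-to-Run also
    # writes this key, so it is only consulted when no C2R configuration exists.
    $msiRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Office\16.0\Common\InstallRoot',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\InstallRoot'
    )
    foreach ($root in $msiRoots) {
        if (-not (Test-Path $root)) { continue }
        $installPath = (Get-ItemProperty -Path $root).Path
        $winword     = Join-Path $installPath 'WINWORD.EXE'
        # File version of WINWORD.EXE is used as the build indicator for MSI installs.
        $version = if (Test-Path $winword) { (Get-Item $winword).VersionInfo.ProductVersion } else { 'unknown' }
        $results += [pscustomobject]@{
            Host     = $env:COMPUTERNAME
            Type     = 'MSI'
            Products = 'Office 16.0 (MSI)'
            Channel  = 'n/a'
            Version  = $version
            Platform = if ($root -like '*WOW6432Node*') { 'x86' } else { 'x64' }
        }
    }
}

# Compare each reported build against the supplied minimum; anything that fails to
# parse or that is below the threshold is marked for review rather than silently passed.
foreach ($entry in $results) {
    $parsed = $null
    $status = 'unparseable version: REVIEW'
    if ([version]::TryParse($entry.Version, [ref]$parsed)) {
        if ($MinimumSafeBuild -eq [version]'0.0.0.0') {
            $status = 'threshold not set: compare manually against advisory'
        }
        elseif ($parsed -ge $MinimumSafeBuild) {
            $status = 'at or above minimum'
        }
        else {
            $status = 'BELOW minimum: REVIEW'
        }
    }
    $entry | Add-Member -NotePropertyName Status -NotePropertyValue $status
}

if ($results.Count -eq 0) {
    Write-Output "$($env:COMPUTERNAME): no Office installation detected"
}
else {
    $results | Format-Table -AutoSize
}
```

Run it per endpoint (for example through a remote session or an endpoint-management job) and collect the output centrally; the Host column is included so the rows can be merged into one exposure table across the Office editions the advisory names.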

Evidence notes

Source evidence is limited to the official CVE/NVD record and Microsoft’s vendor advisory reference. The CVE description states a use-after-free in Microsoft Office with unauthorized local code execution impact. NVD marks the vulnerability analyzed, assigns CVSS 8.4 with vector AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, and lists affected CPEs for Microsoft 365 Apps, Office 2016, Office 2019, Office LTSC 2021, Office LTSC 2024, and Office for Android. NVD also records CWE-416.

Official resources

Publicly disclosed on 2025-05-13 and modified on 2025-05-19 in the supplied record. No KEV entry is listed in the provided corpus.