Multiple Microsoft Excel Remote Code Execution Flaws Added to MSRC Update Guide
Microsoft added several Microsoft Excel Remote Code Execution entries to its Security Update Guide, including CVE-2025-62556, CVE-2025-62564, CVE-2025-54896, and CVE-2025-59233. The advisories identify the affected product as Microsoft Excel and classify each issue as a remote code execution vulnerability, indicating that successful exploitation could allow arbitrary code to run in the context of the targeted application.
The referenced entries were published across multiple update cycles in 2025, with CVE-2025-54896 appearing in September, CVE-2025-59233 in October, and CVE-2025-62556 and CVE-2025-62564 in December. Microsoft provided the vulnerabilities through its MSRC Security Update Guide, but the referenced records did not include public synopses in the source material, leaving the CVE identifiers and product classification as the primary confirmed details.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
Microsoft publishes advisory for CVE-2025-62561 in Excel
Microsoft published a Security Update Guide entry for CVE-2025-62561, identified as a Microsoft Excel Remote Code Execution Vulnerability. This marks the public listing of another distinct Excel RCE flaw by Microsoft.
Microsoft publishes advisories for CVE-2025-62556 and CVE-2025-62564 in Excel
Microsoft published Security Update Guide entries for CVE-2025-62556 and CVE-2025-62564, both described as Microsoft Excel Remote Code Execution Vulnerabilities. Multiple references for CVE-2025-62556 appear to be duplicate listings of the same disclosure event.
Microsoft publishes advisory for CVE-2025-62560 in Excel
Microsoft published a Security Update Guide entry for CVE-2025-62560, identified as a Microsoft Excel Remote Code Execution Vulnerability. This marks the public listing of another distinct Excel RCE flaw.
Microsoft publishes advisory for CVE-2025-59233 in Excel
Microsoft published a Security Update Guide entry for CVE-2025-59233, identified as a Microsoft Excel Remote Code Execution Vulnerability. The advisory marks the vulnerability's public listing by Microsoft.
Microsoft publishes advisory for CVE-2025-54899 in Excel
Microsoft added CVE-2025-54899, a Microsoft Excel Remote Code Execution Vulnerability, to its Security Update Guide. This marks the public disclosure and advisory publication for a distinct Excel RCE flaw.
Microsoft publishes advisory for CVE-2025-54896 in Excel
Microsoft added CVE-2025-54896, a Microsoft Excel Remote Code Execution Vulnerability, to its Security Update Guide. This indicates public disclosure and availability of Microsoft's advisory for the flaw.
Microsoft publishes advisory for CVE-2025-47165 in Excel
Microsoft published a Security Update Guide entry for CVE-2025-47165, identified as a Microsoft Excel Remote Code Execution Vulnerability. This marks the public listing of a distinct Excel RCE flaw by Microsoft.
Sources
9 references tracked. Mallory keeps watching after this page renders.
CVE-2025-62556 - Security Update Guide - Microsoft - Microsoft Excel Remote Code Execution Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-62556 - Security Update Guide - Microsoft - Microsoft Excel Remote Code Execution Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-62560 - Security Update Guide - Microsoft - Microsoft Excel Remote Code Execution Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-62564 - Security Update Guide - Microsoft - Microsoft Excel Remote Code Execution Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-62561 - Security Update Guide - Microsoft - Microsoft Excel Remote Code Execution Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-59233 - Security Update Guide - Microsoft - Microsoft Excel Remote Code Execution Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-54896 - Security Update Guide - Microsoft - Microsoft Excel Remote Code Execution Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-54899 - Security Update Guide - Microsoft - Microsoft Excel Remote Code Execution Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-47165 - Security Update Guide - Microsoft - Microsoft Excel Remote Code Execution Vulnerability
msrc.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft disclosed multiple Office and Excel remote code execution flaws
Microsoft published security advisories for several **remote code execution** vulnerabilities affecting **Microsoft Office** and **Microsoft Excel**, including `CVE-2025-24057`, `CVE-2025-24075`, and `CVE-2025-47162`. The issues were listed in the Microsoft Security Update Guide as Office-family flaws that could allow arbitrary code execution if successfully exploited. The disclosures indicate that the affected attack surface spans both the broader Office suite and Excel specifically, underscoring continued risk from malicious documents and content processed by productivity software. Organizations using Microsoft Office should prioritize review of the relevant advisories and deployment of associated security updates for the affected products tied to these CVEs.
May 25, 2026
Microsoft Patches Repeated Remote Code Execution Flaws Across Office Apps
Microsoft published a long series of security advisories for **remote code execution** vulnerabilities affecting core Office components, with the largest concentration in **Excel** and **Word**. The disclosures include Excel flaws such as `CVE-2024-49026`, `CVE-2024-49069`, `CVE-2025-21362`, `CVE-2025-21381`, `CVE-2025-21387`, `CVE-2025-24082`, `CVE-2025-62553`, `CVE-2026-26107`, `CVE-2026-26109`, `CVE-2026-26112`, and `CVE-2026-40359`, alongside Word issues including `CVE-2025-24077`, `CVE-2025-24078`, `CVE-2025-47170`, `CVE-2025-49700`, `CVE-2025-59222`, `CVE-2026-23657`, and `CVE-2026-33095`. Microsoft also listed related RCE bugs in **Microsoft Office** (`CVE-2025-21392`), **PowerPoint** (`CVE-2025-54908`), **Inbox COM Objects (Global Memory)** (`CVE-2025-58730`), and the **Visual Studio Code Python Extension** (`CVE-2025-49714`). One of the few entries with technical detail, **`CVE-2026-40359`**, describes an **Important** Excel use-after-free flaw (`CWE-416`) with a **CVSS 3.1 score of 7.8** that can let an attacker execute code if a user opens a malicious Office file. Microsoft said the bug was **not publicly disclosed**, **not exploited in the wild**, and **less likely** to be exploited at the time of publication, adding that the **Preview Pane is not an attack vector** and that a fix is available. Taken together, the advisories show Microsoft continuing to address document-driven code execution risks across Office products, where successful exploitation generally depends on **user interaction with crafted files** rather than direct network exposure.
May 25, 2026
Critical Microsoft Excel Information Disclosure Vulnerability (CVE-2026-26144)
Microsoft published guidance for **CVE-2026-26144**, a **Critical** *Microsoft Excel* **information disclosure** vulnerability tracked in the Microsoft Security Update Guide. Microsoft maps the issue to **CWE-79** (improper neutralization of input during web page generation / XSS) and provides CVSS v3.1 scoring indicating network-reachable exploitation conditions with high confidentiality impact (vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`). The advisory is available via MSRC’s Update Guide endpoints (including RSS, PowerShell, API, and CSAF links) to support patch/vulnerability management workflows. No additional incident context, exploitation details, or third-party reporting is included in the provided material beyond the MSRC advisory metadata and scoring.
Mar 21, 2026