// Alert

Microsoft 365 threat report

CVE-2025-60727, an out-of-bounds read vulnerability in Microsoft 365 Apps Excel parser, allows remote code execution via malicious Excel files. The flaw affects Microsoft 365 Apps, Excel 2016, Office 2019, Office LTSC 2021 and 2024, and Office Online Server. Exploitation requires user interaction but can lead to arbitrary code execution with victim privileges, enabling credential harvesting and lateral movement. Microsoft has released security updates and organizations should prioritize patching.

// Get alerts for Microsoft 365