Primary

Context

Microsoft Office Developer Platform Security Feature Bypass Vulnerability

Vulnerability

Patched

A vulnerability allowing an authorized attacker to locally bypass a security feature has been identified in the Office Developer Platform. This issue arises from the use of a broken or risky cryptographic algorithm.

Impact

Exploitation of this vulnerability allows for a security feature bypass, specifically circumventing the Office Visual Basic for Applications (VBA) signature scheme.

Remediation

Users can apply the security update available through the Microsoft 365 Apps for Enterprise Click-to-Run service to address this vulnerability.

Added: Jul 8, 2025, 6:16 PM

Updated: Jul 8, 2025, 6:16 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

1.3

exploitability

3.0

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

1.3

exploitability

3.0

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Office Developer Platform Security Feature Bypass Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Microsoft 365 Apps for Enterprise

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating