Security Updates for Microsoft Excel Products (April 2025)

🗓️ 08 Apr 2025 00:00:00Reported by TenableType

Microsoft Excel Products lack security updates, exposing remote code execution vulnerabilities.

Reporter	Title	Published	Views	Family All 60
Circl	CVE-2025-26642	8 Apr 202516:14	–	circl
Circl	CVE-2025-27750	8 Apr 202516:14	–	circl
Circl	CVE-2025-27751	8 Apr 202516:14	–	circl
CNNVD	Microsoft Office 资源管理错误漏洞	8 Apr 202500:00	–	cnnvd
CNNVD	Microsoft Office 资源管理错误漏洞	8 Apr 202500:00	–	cnnvd
CNNVD	Microsoft Office 输入验证错误漏洞	8 Apr 202500:00	–	cnnvd
CNVD	Microsoft Excel Code Execution Vulnerability (CNVD-2025-10609)	9 Apr 202500:00	–	cnvd
CNVD	Microsoft Excel Code Execution Vulnerability (CNVD-2025-10610)	9 Apr 202500:00	–	cnvd
CNVD	Microsoft Office Code Execution Vulnerability (CNVD-2025-10614)	9 Apr 202500:00	–	cnvd
CVE	CVE-2025-26642	8 Apr 202517:23	–	cve

Source	Link
support	www.support.microsoft.com/en-us/help/5002704
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(234032);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/09/17");

  script_cve_id("CVE-2025-26642", "CVE-2025-27750", "CVE-2025-27751");
  script_xref(name:"MSKB", value:"5002704");
  script_xref(name:"MSFT", value:"MS25-5002704");
  script_xref(name:"IAVA", value:"2025-A-0245-S");

  script_name(english:"Security Updates for Microsoft Excel Products (April 2025)");

  script_set_attribute(attribute:"synopsis", value:
"The Microsoft Excel Products are missing a security update.");
  script_set_attribute(attribute:"description", value:
"The Microsoft Excel Products are missing a security update. They are, therefore, affected by multiple remote code
execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary
commands.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/5002704");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released KB5002704 to address this issue.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-26642");
  script_cwe_id(125, 190, 416);

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/04/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/04/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/04/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:excel");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("office_installed.nasl", "microsoft_office_compatibility_pack_installed.nbin", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('vcf_extras_office.inc');

var bulletin = 'MS25-04';
var kbs = make_list(
  '5002704'
);

var constraints = [
  { 'kb':'5002704', 'channel':'MSI', 'fixed_version': '16.0.5495.1000', 'sp' : 0}
];

vcf::microsoft::office_product::check_version_and_report(
  kbs:kbs,
  constraints:constraints,
  severity:SECURITY_HOLE,
  bulletin:bulletin,
  subproduct:'Excel'
);

17 Sep 2025 00:00Current

8.1High risk

Vulners AI Score8.1

CVSS 3.17.8

EPSS0.01391

SSVC