CVE-2025-21356 in Officeinfo

Summary

by MITRE • 01/14/2025

Microsoft Office Visio Remote Code Execution Vulnerability

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 06/13/2026

Microsoft Office Visio contains a remote code execution vulnerability that arises from improper handling of specially crafted Visio files during the rendering process. This flaw exists in the way Visio processes certain file formats and can be exploited by attackers who craft malicious Visio documents designed to trigger the vulnerability when opened by an affected system. The vulnerability stems from inadequate input validation and memory management within the Visio application's file parsing routines, allowing attackers to execute arbitrary code on the target system with the privileges of the logged-on user. The technical implementation involves memory corruption issues that occur when Visio attempts to parse malformed elements within Visio files, particularly affecting the application's ability to properly handle embedded objects and complex drawing structures. This vulnerability is particularly dangerous because it can be exploited through social engineering attacks where users are tricked into opening malicious Visio files delivered via email attachments or malicious websites. The exploitation typically requires no special privileges to succeed, making it an attractive target for attackers seeking to compromise systems through user interaction. According to CWE classification, this vulnerability maps to CWE-121, which describes heap-based buffer overflow conditions, and CWE-787, which addresses out-of-bounds write vulnerabilities that can lead to arbitrary code execution. The ATT&CK framework categorizes this as a technique involving initial access through malicious files and privilege escalation through code execution, with potential for lateral movement if the compromised system has network access to other resources. The impact of this vulnerability extends beyond simple code execution as it can lead to complete system compromise, data exfiltration, and persistent backdoor installation. Organizations using Visio products are particularly at risk since the application is commonly used for diagramming and design work, making it a frequent target for phishing campaigns and targeted attacks. The vulnerability affects multiple versions of Microsoft Office Visio including Visio 2016, Visio 2019, and Visio Online, with the risk being highest when users open untrusted Visio files from unknown sources. Security researchers have identified that the flaw can be triggered through various file formats including .vsdx, .vssx, and .vstx files, which are standard Visio document formats. The memory corruption occurs during the parsing of complex drawing elements, particularly when dealing with embedded objects, custom properties, or malformed shapes within the Visio documents. Attackers can leverage this vulnerability to gain unauthorized access to sensitive information, deploy malware, or establish persistent access to compromised systems. The exploitation process typically involves crafting a Visio file with malicious payloads that trigger the memory corruption when the document is opened, potentially leading to complete system compromise. Mitigation strategies include implementing strict file validation policies, disabling automatic opening of Visio files from untrusted sources, and ensuring that all systems are updated with the latest security patches from Microsoft. Network segmentation and email filtering solutions should be deployed to prevent the delivery of malicious Visio files through email attachments. Additionally, users should be trained to recognize suspicious email attachments and avoid opening files from unknown senders, as social engineering remains the primary attack vector for this vulnerability. Organizations should also consider implementing application whitelisting policies to restrict the execution of Visio files from unauthorized sources, thereby reducing the attack surface. The vulnerability highlights the importance of proper input validation and memory safety practices in office productivity applications, as these tools are frequently targeted due to their widespread use and the trust users place in them. Regular security assessments and vulnerability scanning should be performed to identify systems running vulnerable versions of Visio and ensure timely patch deployment. The risk assessment for this vulnerability should consider both the technical exposure and the potential business impact, particularly for organizations that rely heavily on Visio for critical business processes and document management.

Responsible

Microsoft

Disclosure

01/14/2025

Moderation

accepted

CPE

ready

EPSS

0.00707

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!