Endpoint VulnerabilityMicrosoft Access CVE-2025-21186 Remote Code Execution Vulnerability
Description
A heap-based buffer overflow in Microsoft Office Access allows remote code execution; the update blocks malicious extensions to mitigate the vulnerability.
Affected Applications
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Access 2016 x64
Microsoft Office 2019 for 64-bit editions
Microsoft Access 2016 x86
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2024 for 64-bit editions
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office 2019 for 32-bit editions
Microsoft Office LTSC 2024 for 32-bit editions
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2025-01-14 | 1.00802 |
New
|
Microsoft 365 Apps for Enterprise for 32-bit Systems,Microsoft Access 2016 x64,Microsoft Office 2019 for 64-bit editions,Microsoft Access 2016 x86,Microsoft Office LTSC 2021 for 32-bit editions,Microsoft Office LTSC 2021 for 64-bit editions,Microsoft Office LTSC 2024 for 64-bit editions,Microsoft 365 Apps for Enterprise for 64-bit Systems,Microsoft Office 2019 for 32-bit editions,Microsoft Office LTSC 2024 for 32-bit editions |
| ID | 83572 |
| Created | Jan 14, 2025 |
| Description Updated |
Jan 10, 2026 |
| CVE ID | |
| Risk |
|
| Coverage | FortiClient |
| OS | Windows |
| Vendor | Microsoft |
| Patch | auto |
| Application | Microsoft 365 Apps for Enterprise for 32-bit Systems , Microsoft Access 2016 x64 , Microsoft Office 2019 for 64-bit editions , Microsoft Access 2016 x86 , Microsoft Office LTSC 2021 for 32-bit editions , Microsoft Office LTSC 2021 for 64-bit editions , Microsoft Office LTSC 2024 for 64-bit editions , Microsoft 365 Apps for Enterprise for 64-bit Systems , Microsoft Office 2019 for 32-bit editions , Microsoft Office LTSC 2024 for 32-bit editions |