Platform
windows
Component
microsoft-access
Fixed in
16.0.5530.1000
https://aka.ms/OfficeSecurityReleases
CVE-2025-62552 describes a Remote Code Execution (RCE) vulnerability within Microsoft Access. This flaw allows an attacker to execute code locally by leveraging a crafted relative path. The vulnerability impacts versions of Microsoft Access prior to 16.0.0. Microsoft has released security updates as part of their Office Security Releases to address this issue.
Successful exploitation of CVE-2025-62552 grants an attacker the ability to execute arbitrary code on the affected system with the privileges of the user running Microsoft Access. This could lead to complete system compromise, data theft, and the installation of malware. The relative path traversal mechanism allows attackers to bypass security controls and access sensitive files or directories. Given Access's frequent use in business environments for data management, this vulnerability poses a significant risk for data breaches and operational disruption.
CVE-2025-62552 was published on December 9, 2025. The vulnerability's impact is amplified by the widespread use of Microsoft Access in various organizations. Public proof-of-concept exploits are not currently available, but the relative path traversal nature of the vulnerability suggests that such exploits are likely to emerge. Monitor security advisories and threat intelligence feeds for updates on exploitation activity.
Organizations heavily reliant on Microsoft Access for data management, particularly those with legacy Access databases or those that allow users to open Access files from external sources, are at heightened risk. Shared hosting environments where multiple users access the same Access database are also particularly vulnerable.
• windows / supply-chain:
Get-Process -Name "MSACCESS"
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='Microsoft-Windows-Access'] and (EventID=1001)]]"
• windows / server:
reg query "HKCU\Software\Microsoft\Office\16.0\Access\Security" /v AllowAccessToFilesFromDifferentTrustZone
• generic web: Inspect Access files received from external sources for suspicious relative path references.
disclosure
Exploit status
EPSS
0.08% (24th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-62552 is to upgrade to the latest Microsoft Office Security Releases (available at https://aka.ms/OfficeSecurityReleases). If immediate upgrading is not feasible, consider restricting access to Microsoft Access files from untrusted sources. Review and tighten file permissions to limit the potential impact of a successful exploit. While a direct WAF rule is unlikely to be effective, monitoring network traffic for unusual Access-related activity could provide early warning signs. After upgrading, confirm the fix by attempting to reproduce the vulnerability with a known exploit vector and verifying that the relative path traversal is blocked.
Apply the security updates provided by Microsoft through Microsoft 365 Apps for Enterprise. See https://aka.ms/OfficeSecurityReleases for more information about the available updates and how to install them.
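To check a host against the fixed build listed on this page, the following PowerShell compares the file version of the installed MSACCESS.EXE with 16.0.5530.1000. It is an added example, not code from Microsoft or from the original page. It assumes that Access is registered under the standard App Paths key, that the ClickToRun\Configuration key marks a Click-to-Run install, and that the page's fixed build refers to the MSI-installed line; Get-AccessPatchState is a hypothetical helper name.

```powershell
# Added example, not from the original page. Run in PowerShell on the host being checked.
$FixedBuild = [version]'16.0.5530.1000'   # "Fixed in" value quoted from this page

function Get-AccessPatchState {
    param(
        [Parameter(Mandatory)][version]$Installed,
        [Parameter(Mandatory)][version]$Fixed,
        [bool]$ClickToRun = $false
    )
    if ($ClickToRun) {
        # Click-to-Run builds use a different numbering than MSI builds, so a
        # numeric comparison against the MSI build would be misleading.
        return 'Click-to-Run install: compare with the channel build in the Office security releases'
    }
    if ($Installed.Major -ne $Fixed.Major) {
        return 'Different major version: the fixed build on this page does not apply'
    }
    if ($Installed -ge $Fixed) { return 'At or above the fixed build' }
    return 'Below the fixed build: update required'
}

# Assumption: Access is registered under the standard App Paths key.
$appPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSACCESS.EXE'
$exe = "$((Get-ItemProperty -Path $appPath -ErrorAction SilentlyContinue).'(default)')".Trim('"')

if (-not $exe -or -not (Test-Path -LiteralPath $exe)) {
    Write-Output 'Microsoft Access was not found on this host'
} else {
    $v = (Get-Item -LiteralPath $exe).VersionInfo
    $installed = [version]::new($v.FileMajorPart, $v.FileMinorPart, $v.FileBuildPart, $v.FilePrivatePart)
    # Assumption: this key exists only on Click-to-Run installations.
    $c2r = Test-Path 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
    [pscustomobject]@{
        Path       = $exe
        Installed  = $installed
        FixedBuild = $FixedBuild
        ClickToRun = $c2r
        State      = Get-AccessPatchState -Installed $installed -Fixed $FixedBuild -ClickToRun $c2r
    }
}
```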
CVE-2025-62552 is a Remote Code Execution (RCE) vulnerability in Microsoft Access allowing attackers to execute code locally via a crafted relative path. It has a HIGH severity rating and affects versions prior to 16.0.0.
You are affected if you are using Microsoft Access versions prior to 16.0.0. Check your version and upgrade to the latest Microsoft Office Security Releases to mitigate the risk.
The recommended fix is to upgrade to the latest Microsoft Office Security Releases available at https://aka.ms/OfficeSecurityReleases. Consider restricting access to files from untrusted sources as an interim measure.
While no active exploitation has been confirmed, the vulnerability's nature suggests that exploits are likely to emerge. Monitor security advisories and threat intelligence feeds.
You can find the official Microsoft advisory at https://aka.ms/OfficeSecurityReleases.