Improper Restriction of Names for Files and Other Resources

CVE-2025-21402

High

7.8/10

Summary

Microsoft Office OneNote Remote Code Execution Vulnerability

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-641 - Improper Restriction of Names for Files and Other Resources

The application constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resulting name.

References

Advisory Timeline

Published Jan 14, 2025

Improper Restriction of Names for Files and Other Resources

CVE-2025-21402

Summary

CWE-641 - Improper Restriction of Names for Files and Other Resources

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS