CVE-2026-55125 is a Microsoft Office heap-based buffer overflow that can lead to remote code execution. Microsoft rates it High severity with a CVSS v3.1 base score of 7.8 and temporal score of 6.8. The attack vector is local, privileges required are none, user interaction is required, and the scope is unchanged. Microsoft says exploitation is not publicly disclosed and not known to be exploited, with exploit code maturity listed as unproven. Enterprise risk is elevated for environments where users can be convinced to open malicious Office files, but it is not a network-only, unauthenticated attack. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; the vector is LOCAL and user interaction is REQUIRED, so this is not a network-exposed, no-interaction attack. - Severity for enterprise: High technical severity, but real-world exposure is lower than remote network RCE because exploitation requires a user to open a malicious Office file on the local machine. - Patch status: available; customer action required. Affected systems: - No products listed in the source data.