CVE-2023-31275 HIGH

CVE-2023-31275

Vendor Wps
Product WPS Office
Weakness CWE-457
Published November 27, 2023
Last update February 25, 2026

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.

Key dates

02Disclosure timeline

November 27, 2023 CVE published
February 25, 2026 Record updated